If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Best quickest, easity, security based on Group Security

Started by Grayson_Basil, 08 Aug 2016 02:31:02 PM

Previous topic - Next topic

Grayson_Basil

Today, I was told that every Salary report now has to have security.  If a Full Time Employee, all the data is available.  If Part Time employee, then they can see only the part time employees data. 

I would make a flag, but we have about 20 reports that I have to update.  I really never used data security before, especially after that fact, im sure this is easy, but I cannot figure it out. 

Any guidance will be greatful

thanks

bus_pass_man

The most intellectually challenging aspect would be defining the requirements.  The second most is finding the data security filter location in the query subject and dimension editors.  You want to use security filters rather than ordinary filters to define your data security. You can get security filters to inherit from other security filters, which is one plus for using it.

Are you sure that it is a data security problem only?  Are there object security aspects?

Read the appropriate documentation sections about security, parameter maps, macros, and session parameters.

Use the sample models to get a grasp on how to use a session parameter in a macro.  The samples have query items where the runLocale session parameter is used in conjunction with macros.  The samples use this to create a dynamically generated string which defines the query item.  In the security filter context you will probably not need to do anything other than use the macro to look up the user identity and substitute the filter expression you want for that person.

Store the security information in a table and use that table in a query item parameter map.  This will enable you to perform administration (altering lists of users, for example, when they are hired, change jobs, and sacked etc.) without republishing your packages.

Try to define the security filters to fail safe.  It would be easier to explain why someone isn't getting data displayed then getting data which he should not have seen.

Hope that gets you off in the right-ish direction.