If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Transformer Data Level Security

Started by Robl, 27 Jan 2015 10:02:19 AM

Previous topic - Next topic

Robl

Hi,

I think I know the answer to this question, but I'm after a second opinion just in case.
I have an FM model that uses the UserName of the logged in user to apply a filter against a security table to get some data level security.

I need to apply the same security to a cube.
As I understand it, even though the cube might be sourced from the package, the cube is a totally seperate entity and any dynamic filters and suchlike from the package don't get passed to the cube, they are just used to create the dataset from which the cube is built.
ie. If the user is filtered to only see CostCentreA and he builds the cube then the cube will always have just CostCentreA; if a second user with access to CostCentreB opens the cube they won't see CostCentreB.

The standard way to do data level security in a cube is to create custom views and secure them to user groups.

My question is; is there another avenue of Transformer/cube security that might be worth exploring?
Or, is my first thought correct and there's no quick fix here, and the custom views need to be created.

I have about 100 different cost centres and 200 different users that each need access to a few of those cost centres, so I don't like the idea of doing the custome views.

Thanks.


MFGF

Quote from: Robl on 27 Jan 2015 10:02:19 AM
Hi,

I think I know the answer to this question, but I'm after a second opinion just in case.
I have an FM model that uses the UserName of the logged in user to apply a filter against a security table to get some data level security.

I need to apply the same security to a cube.
As I understand it, even though the cube might be sourced from the package, the cube is a totally seperate entity and any dynamic filters and suchlike from the package don't get passed to the cube, they are just used to create the dataset from which the cube is built.
ie. If the user is filtered to only see CostCentreA and he builds the cube then the cube will always have just CostCentreA; if a second user with access to CostCentreB opens the cube they won't see CostCentreB.

The standard way to do data level security in a cube is to create custom views and secure them to user groups.

My question is; is there another avenue of Transformer/cube security that might be worth exploring?
Or, is my first thought correct and there's no quick fix here, and the custom views need to be created.

I have about 100 different cost centres and 200 different users that each need access to a few of those cost centres, so I don't like the idea of doing the custome views.

Thanks.

Hi. Sadly you're not missing anything here. As you suspect, security within PowerCubes is entirely separate from security defined within a Framework Manager model. FM models are simply data sources as far as Transformer is concerned, and if the user ID Transformer is connecting via triggers FM security filters, then it simply means Transformer doesn't get a complete data set - just one filtered based on that user's security filters.

You need to have the entire data set provided by the data source connection (ie have Transformer connect as a user that can see all data) and you need to define custom views in Transformer to secure access to this data when it gets delivered into a PowerCube file. This means setting up the security all over again in Transformer.

Sorry!

MF.
Meep!

Robl