If you are unable to create a new account, please email support@bspsoftware.com

 

Security filter make the data to be irretrievable

Started by progmomen, 05 Mar 2023 03:10:15 PM

Previous topic - Next topic

progmomen

Hi,

After applying a security filter to couple of users to a certain table on DB2 source db.
logging in with that user, the whole data of that table is irretrievable and I get the following error:

The column 'ID' of 'STORAGE_POINTS02' could not be found in the model. Possibly caused by out-of-date query subject definition: 'STORAGE_POINTS02'

FYI: the column name is storage_points

bus_pass_man

A little more detail could be helpful. 

What is the security filter expression?  Where are you putting it?  In a schema or in a FM model?  How do you know that you should be getting results after the filter has been applied? 

progmomen

Thx for reply,
I use CA 11.2.2 on CP4D
and I have put the security filter on the data source schema
If the table lets say have (ID,OwnerID) like:
1,1
2,1
3,2
user x should only see data with ownerID "1", and user "y" should only see data with ownerID "2"
The expression I used for user x is: Storage_Points.OwnerID = 1
as an admin when I test the security filter with the preview option and it works, but when I login with user "x" I get the mentioned error on the filtered table. 

MFGF

Quote from: progmomen on 06 Mar 2023 03:58:55 AM
Thx for reply,
I use CA 11.2.2 on CP4D
and I have put the security filter on the data source schema
If the table lets say have (ID,OwnerID) like:
1,1
2,1
3,2
user x should only see data with ownerID "1", and user "y" should only see data with ownerID "2"
The expression I used for user x is: Storage_Points.OwnerID = 1
as an admin when I test the security filter with the preview option and it works, but when I login with user "x" I get the mentioned error on the filtered table.

Hi,

Are you referring to object security (ie securing namespaces/query subjects/query items) or are you referring to security filters (applying filters based on roles/groups/users)?

If it's Object Security, when you have no object security defined in your model, the entire model is "open", and everyone can see everything in the model (and therefore in any packages you publish from the model). As soon as you define the first object security rule, the whole approach changes. The model then *only* permits access to the objects that the security rules allow access to (and this applies in any packages you subsequently publish from the model). This means in the case you are describing above, when user x logs in a package you publish, they will see *just* the objects you defined security on. The same goes for user y. When user z logs in, they end up seeing nothing at all. The way to resolve this is to define object security at the very top level in the model to open it up again - for the top-level namespace, define a rule that grants access to the 'Everyone' group.

Not sure if this is your issue?

Cheers!

MF.
Meep!

MFGF

Hi,

As an addition to this, I was just in contact with an IBMer friend, who managed to determine that this sounds like a defect in the product.

The problem is fixed in 11.1.7 FP5 or FP6 and in 11.2.3 and 11.2.4, so the best thing for you is to upgrade to a version that fixes the issue.

Cheers!

MF.
Meep!

progmomen

Thx MFGF for your help,

I work with the data modules directly, not with published packages and I have set the security filters on the schema directly.

Unfortunately, I can't upgrade to 11.2.3 or 11.2.4 due to license issues
I have opened a case with IBM Support to see if they have any kind of a solution, I will contact them again and ask them about the defect you kindly mentioned.

If there is no solutions, Is there any other way to apply filters based on groups/roles instead of putting filters on the data modules and duplicating my reports ?