Implementing Security in OBIEE
Hello guys, let's resume the subject security in OBIEE, specifically security level column and filter data.
The column-level security or folder allows you to control its visibility, is implemented in the presentation layer, hiding the objects for a particular group of users.
Have the filter data (Date Filter), have spoken of him in this blog, is implemented directly in the group associated with the user via a SQL clause.
In our example the user group managers are allowed to see the total sales and total costs for city regions and geographical sellers must now see only the total sales and the only city he represents.
The user bieeuser1 that's associated with the profile managers built a report shows total sales and cost variables by geographic region and city and want to publish this report to all its vendors.
The column cost variables "10 - Variable Costs" column and the Region "R50 Region" should not be viewed by the seller.
The user profile associated with this bieeuser2 Sellers and should only view the same report to the city he represents, Bueno Aires.
The result presented below is for the manager:
The result will be presented below for the Seller:
Let's start by implementing the security filter data (Date Filter) in OBIEE:
1 - To create a table that access control where you can define the user, user group, the size and value that will be filtered. This table structure makes it flexible for future inclusion filters data to other users and other dimensions.
In our example the user will receive the filter bieeuser2 "Bueno Aires" for the dimension City.
2 - In OBIEE, let's create a boot block looking for the value of this table where the group is the Vendors and the user will be equal to the user who is logged into the session.
The user login is caught by variable USER session.
3 - The variable is populated V_CIDADE values returned by the initialization block that is marked to be always required for user authentication in the application.
The idea here is to use this variable in the data filters.
Save everything.
4 - Now we include the data filter in Group Sellers, accessing the Identity Manager and click on the scroll BI_Vendedores.
In our example the only user associated with this role is the user bieeuser2.
Click on permissions.
5 - Click on the "+" to add a new date and we will select the filter table presentation "Ship to Regions."
Click on edit expression.
The table will be filtered only to return to the city in the variable.
Well now let's implement column-level security, in our case Fields "10 - Variable Costs" and "R50 Region" should not be presented to the Sellers.
1 - Select the properties of the fields where it is necessary to apply access restrictions.
2 - Click on Permissions:
3 - For the group of sellers to mark the role BI_Vendedores without access.
4 - In the configuration file NQSConfig.ini PROJECT_INACCESSIBLE_COLUMN_AS_NULL change the parameter to YES, is under the security section. By default it is set to NO. Restart the services.
This parameter allows even lacking access the columns the user can view a report previously built with these column.
For the user that has restricted these columns also are hidden in the report
5 - The user bieeuser1 that this group of managers can view the field "10-Variable Costs" and "R50 Region" in the presentation layer and can use in any report loa. Besides displaying the data from all cities.
6 - Have you bieeuser2 that this group of sellers can not see the field "10-Variable Costs" and the "R50 Region" and accesses only the city he represents "Buenos Aires."
Therefore, the report is presented to the seller by hiding columns that he has access, beyond just seeing sales of city it represents.
Well folks, noting that this example is not exhaustive security in OBIEE, if only because each client is different and needs a scenario.
The version used here was of OBIEE 11.1.1.5.5
No comments:
Post a Comment