Data/Object/Column Level Security in OBIEE
Authorization can be done in two waysObject level Security :In this we can restrict dashboards, pages, sections, tables
Data level Security: Here we can restrict access to values in columns.
Column level Security: Giving access to certain columns in a table.
Here we are having three users’ duser1, vuser1.
Groups for which the users belong to-
duser1 - DISNEY
vuser1 - VERIZON
These groups are created in repository under Manage->Security->Groups
Object & Data level security for Disney group:
When duser1 logs in and he belongs to DISNEY group who can view only Financial Dashboard (Object level security) and data in the column, based on the access given to him (Data level security). He can view only few clients (Brand 1). Restricting data in Client column.
Fig (1) : Restricting data from GROUP level
Object level security
1) Dashboard/Page/Section level security
Create these groups in Answers.
Give permissions to dashboards for each group as per requirement. (Object level)
Restricting the groups to a dashboard
Settings-->Administration-->Manage Interactive Dashboards-->Click on Dashboard permissions
After clicking on permissions tab then assign the respective group to your dashboard
When a duser1 logs in he will see only Financial dashboard
Column level security:
In the presentation layer of repository we need to restrict tables and columns for those groups
Double click on the table->Permissions tab->General
Check
show all user/groups and change check box read to tick or cross mark.
Now the users under that group cannot view that table in answers.
We have a subject area called Sample Sales Reduced. In this we restricted Other
Dimensions table. When duser1 logs in, he cannot see table from presentation
view/answers. In the below picture we can see Other Dimensions table in
Presentation Layer of repository but its not present in Answers
In the same way i restricted particular column in a table to this
user. Here we restricted No of customers,employees, orders these three columns from
Facts other table for this users. When the user login's he cannot view those columns, but i can see these columns in repository.
In the below picture we can see Facts Others with different columns in Answers and Repository
NOTE:
If
a report is created using a column which is having access to one user
and no access to other user, then the user who doesn’t have the access
cannot view report they will get ERROR to avoid the error message you
change the NQSCONFIG.INI file
PROJECT_INACCESSIBLE_COLUMN_AS_NULL = NO; under security in NQSConfig.INI Change it to YES so that he can view the report properly without that column.
Thanks
Satya Ranki Reddy
No comments:
Post a Comment