Thursday, June 28, 2012

Authorization can be done in two ways

Object level Security :In this we can restrict dashboards, pages, sections, tables
Data level Security:
Here we can restrict access to values in columns.
Column level Security: Giving access to certain columns in a table.

Here we are having three users’ duser1, vuser1.
Groups for which the users belong to-
duser1 - DISNEY
vuser1 - VERIZON
These groups are created in repository under Manage->Security->Groups
Object & Data level security for Disney group:
When duser1 logs in and he belongs to DISNEY group who can view only Financial Dashboard (Object level security) and data in the column, based on the access given to him (Data level security). He can view only few clients (Brand 1). Restricting data in Client column.
Fig (1) : Restricting data from GROUP level

Object level security
1) Dashboard/Page/Section level security
Create these groups in Answers.
Admin->Manage Presentation Catalog Groups and Users->Create new catalog group
Give permissions to dashboards for each group as per requirement. (Object level)
Restricting the groups to a dashboard
Settings-->Administration-->Manage Interactive Dashboards-->Click on Dashboard permissions
After clicking on permissions tab then assign the respective group to your dashboard
When a duser1 logs in he will see only Financial dashboard

Column level security:
In the presentation layer of repository we need to restrict tables and columns for those groups 

Double click on the table->Permissions tab->General
Check show all user/groups and change check box read to tick or cross mark. Now the users under that group cannot view that table in answers. 

We have a subject area called Sample Sales Reduced. In this we restricted Other
Dimensions table. When duser1 logs in, he cannot see table from presentation
view/answers. In the below picture we can see Other Dimensions table in
Presentation Layer of repository but its not present in Answers
In the same way i restricted particular column in a table to this
user. Here we restricted No of customers,employees, orders these three columns from
Facts other table for this users. When the user login's he cannot view those columns, but i can see these columns in repository.
In the below picture we can see Facts Others with different columns in Answers and Repository

If a report is created using a column which is having access to one user and no access to other user, then the user who doesn’t have the access cannot view report they will get ERROR to avoid the error message you change the NQSCONFIG.INI file
PROJECT_INACCESSIBLE_COLUMN_AS_NULL = NO; under security in NQSConfig.INI Change it to YES so that he can view the report properly without that column.
Satya Ranki Reddy

No comments:

Post a Comment