Data Level
Security
Data Level security is implemented
in the case when the user logging in views the data which he/ she has the
access to. This includes to include a system session variable 'USER' to capture
the user's logging credentials and apply it to the reports query.
I am having three tables for serving their purpose.
1. Dimension Table - DIM2
2. Fact Table - FACT1
3. Security Table -SECURITY_1
Data present in the above tables is shown below-
Next we need to import the three
tables in the RPD and do the below joins-
Joins with Dimension and Security
table in physical Layer
"DIM2"."COUNTRYID" = "SECURITY_1"."COUNTRYID"
Joins with Fact and Security table in physical Layer
"FACT1"."EMPID" = "SECURITY_1"."EMPID"
Joins with Fact and Security table in physical Layer
"DIM2"."COUNTRYID" ="FACT1"."COUNTRY_ID"
"DIM2"."COUNTRYID" = "SECURITY_1"."COUNTRYID"
Joins with Fact and Security table in physical Layer
"FACT1"."EMPID" = "SECURITY_1"."EMPID"
Joins with Fact and Security table in physical Layer
"DIM2"."COUNTRYID" ="FACT1"."COUNTRY_ID"
In the BMM layer for the dimension table we need to make the below changes. This change is used to apply when the user selects only the dimension column. So that the values which he/ she has the access will be shown after making the joins with the security table. For example- On clicking of the Prompt values.
And the below change in the Content
Tab -where clause
In the BMM layer for the fact table
we need to make the below changes. Data will be restricted after making joins
with the security table and joins with the dimension table. You can try
removing the joins with the dimension and security tables which is not
mandatory, since we are joining with the fact and security tables.
And the below change in the Content
Tab -where clause
Now its time to view our reports in
answers. When the user logs in with 100 as empid then the user is allowed to
view only his/ her data.
With the Fact column-
When the user with 200 empid logs in-
Prompt value shown for the user with
empid 200
Below are the queries generated-
For Dimension Security
WITH SAWITH0 AS
(SELECT DISTINCT T222731.COUNTRY_NAME AS c1
FROM OBIEE_DBA.SECURITY_1 T222728,
OBIEE_DBA.DIM2 T222731
WHERE ( T222728.EMPID = '100'
AND T222728.COUNTRYID = T222731.COUNTRYID )
)
SELECT DISTINCT 0 AS c1, D1.c1 AS c2 FROM SAWITH0 D1 ORDER BY c2
WITH SAWITH0 AS
(SELECT DISTINCT T222731.COUNTRY_NAME AS c1
FROM OBIEE_DBA.SECURITY_1 T222728,
OBIEE_DBA.DIM2 T222731
WHERE ( T222728.EMPID = '100'
AND T222728.COUNTRYID = T222731.COUNTRYID )
)
SELECT DISTINCT 0 AS c1, D1.c1 AS c2 FROM SAWITH0 D1 ORDER BY c2
With Fact Dimension columns with Security tables joins. With user with login id as 100
WITH SAWITH0 AS
(SELECT DISTINCT T222731.COUNTRY_NAME AS c1,
T222734.SALARY AS c2
FROM OBIEE_DBA.SECURITY_1 T222728,
OBIEE_DBA.DIM2 T222731,
OBIEE_DBA.FACT1 T222734
WHERE ( T222728.EMPID = T222734.EMPID
AND T222728.EMPID = '100'
AND T222728.COUNTRYID = T222731.COUNTRYID
AND T222731.COUNTRYID = T222734.COUNTRY_ID )
)
SELECT DISTINCT 0 AS c1,
D1.c1 AS c2,
D1.c2 AS c3
FROM SAWITH0 D1
ORDER BY c2,
c3
With user with login id as 200
WITH SAWITH0 AS
(SELECT DISTINCT T222731.COUNTRY_NAME AS c1,
T222734.SALARY AS c2
FROM OBIEE_DBA.SECURITY_1 T222728,
OBIEE_DBA.DIM2 T222731,
OBIEE_DBA.FACT1 T222734
WHERE ( T222728.EMPID = T222734.EMPID
AND T222728.EMPID = '200'
AND T222728.COUNTRYID = T222731.COUNTRYID
AND T222731.COUNTRYID = T222734.COUNTRY_ID )
)
SELECT DISTINCT 0 AS c1,
D1.c1 AS c2,
D1.c2 AS c3
FROM SAWITH0 D1
ORDER BY c2,
c3
No comments:
Post a Comment