I know I am re-inventing the wheel for Data level security. But I want to show the obiee beginners a simple guide to implement the same. Hope people out there struggling to implement Data level security will get a hint to build it.
Data Level security is implemented in the case when the user logging in views the data which he/ she has the access to. This includes to include a system session variable 'USER'to capture the user's logging credentials and apply it to the reports query.
I am having three tables for serving their purpose.
1. Dimension Table - DIM2
2. Fact Table - FACT1
3. Security Table -SECURITY_1
Data present in the above tables is shown below-
Next we need to import the three tables in the RPD and do the below joins-
Joins with Dimension and Security table in physical Layer
"DIM2"."COUNTRYID" = "SECURITY_1"."COUNTRYID"
Joins with Fact and Security table in physical Layer
"FACT1"."EMPID" = "SECURITY_1"."EMPID"
Joins with Fact and Security table in physical Layer
"DIM2"."COUNTRYID" ="FACT1"."COUNTRY_ID"
In the BMM layer for the dimension table we need to make the below changes. This change is used to apply when the user selects only the dimension column. So that the values which he/ she has the access will be shown after making the joins with the security table. For example- On clicking of the Prompt values.
And the below change in the Content Tab -where clause
In the BMM layer for the fact table we need to make the below changes. Data will be restricted after making joins with the security table and joins with the dimension table. You can try removing the joins with the dimension and security tables which is not mandatory, since we are joining with the fact and security tables.
And the below change in the Content Tab -where clause
Now its time to view our reports in answers. When the user logs in with 100 as empid then the user is allowed to view only his/ her data.
With the Fact column-
When the user with 200 empid logs in-
Prompt value shown for the user with empid 200
Below are the queries generated-
For Dimension Security
WITH SAWITH0 AS
(SELECT DISTINCT T222731.COUNTRY_NAME AS c1
FROM OBIEE_DBA.SECURITY_1 T222728,
OBIEE_DBA.DIM2 T222731
WHERE ( T222728.EMPID = '100'
AND T222728.COUNTRYID = T222731.COUNTRYID )
)
SELECT DISTINCT 0 AS c1, D1.c1 AS c2 FROM SAWITH0 D1 ORDER BY c2
With Fact Dimension columns with Security tables joins. With user with login id as 100
WITH SAWITH0 AS
(SELECT DISTINCT T222731.COUNTRY_NAME AS c1,
T222734.SALARY AS c2
FROM OBIEE_DBA.SECURITY_1 T222728,
OBIEE_DBA.DIM2 T222731,
OBIEE_DBA.FACT1 T222734
WHERE ( T222728.EMPID = T222734.EMPID
AND T222728.EMPID = '100'
AND T222728.COUNTRYID = T222731.COUNTRYID
AND T222731.COUNTRYID = T222734.COUNTRY_ID )
)
SELECT DISTINCT 0 AS c1,
D1.c1 AS c2,
D1.c2 AS c3
FROM SAWITH0 D1
ORDER BY c2,
c3
With user with login id as 200
WITH SAWITH0 AS
(SELECT DISTINCT T222731.COUNTRY_NAME AS c1,
T222734.SALARY AS c2
FROM OBIEE_DBA.SECURITY_1 T222728,
OBIEE_DBA.DIM2 T222731,
OBIEE_DBA.FACT1 T222734
WHERE ( T222728.EMPID = T222734.EMPID
AND T222728.EMPID = '200'
AND T222728.COUNTRYID = T222731.COUNTRYID
AND T222731.COUNTRYID = T222734.COUNTRY_ID )
)
SELECT DISTINCT 0 AS c1,
D1.c1 AS c2,
D1.c2 AS c3
FROM SAWITH0 D1
ORDER BY c2,
c3
Comments are always welcome...