Friday 29 June 2012

Data Level Security


I know I am re-inventing the wheel for Data level security. But I want to show the obiee beginners a simple guide to implement the same. Hope people out there struggling to implement Data level security will get a hint to build it.

Data Level security is implemented in the case when the user logging in views the data which he/ she has the access to. This includes to include a system session variable 'USER'to capture the user's logging credentials and apply it to the reports query.

I am having three tables for serving their purpose.
1. Dimension Table - DIM2
2. Fact Table  - FACT1
3. Security Table -SECURITY_1

Data present in the above tables is shown below-











Next we need to import the three tables in the RPD and do the below joins-



Joins with Dimension and Security table in physical Layer

"DIM2"."COUNTRYID" = "SECURITY_1"."COUNTRYID"

Joins with Fact and Security table in physical Layer

"FACT1"."EMPID" = "SECURITY_1"."EMPID"

Joins with Fact and Security table in physical Layer

"DIM2"."COUNTRYID" ="FACT1"."COUNTRY_ID"


In the BMM layer for the dimension table we need to make the below changes. This change is used to apply when the user selects only the dimension column. So that the values which he/ she has the access will be shown after making the joins with the security table. For example- On clicking of the Prompt values.



And the below change in the Content Tab -where clause





In the BMM layer for the fact table we need to make the below changes. Data will be restricted after making joins with the security table and joins with the dimension  table. You can try removing the joins with the dimension and security tables which is not mandatory, since we are joining with the fact and security tables.




And the below change in the Content Tab -where clause



Now its time to view our reports in answers. When the user logs in with 100 as empid then the user is allowed to view only his/ her data.


With the Fact column-




When the user with 200 empid logs in-





Prompt value shown for the user with empid 200

Below are the queries generated-

For Dimension Security

WITH SAWITH0 AS
  (SELECT DISTINCT T222731.COUNTRY_NAME AS c1
  FROM OBIEE_DBA.SECURITY_1 T222728,
    OBIEE_DBA.DIM2 T222731
  WHERE ( T222728.EMPID = '100'
  AND T222728.COUNTRYID = T222731.COUNTRYID )
  )
SELECT DISTINCT 0 AS c1, D1.c1 AS c2 FROM SAWITH0 D1 ORDER BY c2

With Fact Dimension columns with Security tables joins. With user with login id as 100

WITH SAWITH0 AS
  (SELECT DISTINCT T222731.COUNTRY_NAME AS c1,
    T222734.SALARY                      AS c2
  FROM OBIEE_DBA.SECURITY_1 T222728,
    OBIEE_DBA.DIM2 T222731,
    OBIEE_DBA.FACT1 T222734
  WHERE ( T222728.EMPID = T222734.EMPID
  AND T222728.EMPID     = '100'
  AND T222728.COUNTRYID = T222731.COUNTRYID
  AND T222731.COUNTRYID = T222734.COUNTRY_ID )
  )
SELECT DISTINCT 0 AS c1,
  D1.c1           AS c2,
  D1.c2           AS c3
FROM SAWITH0 D1
ORDER BY c2,
  c3

With user with login id as 200

WITH SAWITH0 AS
  (SELECT DISTINCT T222731.COUNTRY_NAME AS c1,
    T222734.SALARY                      AS c2
  FROM OBIEE_DBA.SECURITY_1 T222728,
    OBIEE_DBA.DIM2 T222731,
    OBIEE_DBA.FACT1 T222734
  WHERE ( T222728.EMPID = T222734.EMPID
  AND T222728.EMPID     = '200'
  AND T222728.COUNTRYID = T222731.COUNTRYID
  AND T222731.COUNTRYID = T222734.COUNTRY_ID )
  )
SELECT DISTINCT 0 AS c1,
  D1.c1           AS c2,
  D1.c2           AS c3
FROM SAWITH0 D1
ORDER BY c2,
  c3


Comments are always welcome...

No comments:

Post a Comment

Thanks to Comment
--Add--