BO Row Level Security
BO Row Level Security
AGENDA
1. 2. 3. 4. 5. 6. 7. The need for universe security What are restriction sets? Previewing access restrictions Tips & Tricks Live demonstrations Conclusion Q&A
SLIDE 3
SLIDE 4
Optional
Condition objects
SLIDE 5
BUSINESS PROBLEM
Business requirement to secure business critical data based on a users role in the organization All of these restrictions affect all users unilaterally A different solution is required to apply security to specific users and groups: restriction sets
SLIDE 6
SLIDE 7
SLIDE 8
Editing Toolbar
Tools Menu
SLIDE 9
SLIDE 10
SLIDE 11
SLIDE 12
Options
SLIDE 14
GETTING HELP
On-line help is available from the manage access restrictions dialog
SLIDE 15
SLIDE 20
Allowed (checked)
SLIDE 21 COPYRIGHT 2007 BUSINESS OBJECTS S.A.
Disallowed (unchecked)
SLIDE 22
SLIDE 23
The table selection feature behind the Add button only lists tables in the universe structure; however, other tables in the database schema can be typed in manually.
SLIDE 24
RESTRICTION PRIORITY
Users that belong to multiple groups may have multiple restrictions You can arrange user groups in order. The restriction for the lowest group in the listed order is used Applies only to exclusive restrictions such as connection, table mapping, or SQL controls. ALL object restrictions are applied
SLIDE 25
RESTRICTION OPTIONS
By default, all restrictions are ANDed together When organized into user and group hierarchies, useful to be able to switch between AND and OR This feature was not available in XI Release 1
SLIDE 26
SLIDE 27
SLIDE 28
SLIDE 29
SLIDE 33
EXPORTING UNIVERSE
You must export the universe before you can apply restriction sets Although most changes become effective when a universe is exported, remember that restrictions take effect as soon as they are applied
SLIDE 34
@AGGREGATE_AWARE
The @AGGREGATE_AWARE function can be used to create objects that leverage aggregate tables, where appropriate Make sure that each aggregate table supports your requirements for row-level security
Each aggregate level should have a database column used to store the attribute used as the row-level filter
The sample eFashion universe contains aggregates, however, they did not support row-level security for managers, so a modified version of eFashion (without aggregate tables) was used for this presentation
SLIDE 35
@VARIABLE 1 of 2
The @VARIABLE function is a Business Objects function that can be used for The text of an interactive object previously created with the @Prompt function; i.e. the first argument entered in the @Prompt function BusinessObjects system variable such as BOUSER or BOPASS These variables represent respectively the user name and password forming the user identification
SLIDE 36
@VARIABLE 2 of 2
System variables also exist for the connection to the RDBMS (DBUSER & DBPASS). @Variable(BOUSER) is useful for creating access restrictions based on user ID The use of @Variable will be explored in one of the demonstrations
SLIDE 37
LIVE DEMONSTRATIONS
1) Creating and previewing a restriction set 2) Restriction options 3) Restriction priority 4) Using the schedule for option
SLIDE 38 COPYRIGHT 2007 BUSINESS OBJECTS S.A.
SLIDE 39
SLIDE 40
SLIDE 41
SLIDE 42
SLIDE 43
SLIDE 44
SLIDE 45
SLIDE 46
SLIDE 47
CONCLUSION
Restriction sets allow universe behavior to be tailored and secured for individuals or groups In addition to row and column-level security, restriction sets can override connection, query control, and SQL generation options Restriction set priority can be controlled for users that belong to multiple security groups
SLIDE 48
Q&A
Questions
Dallas Marks, Training Manager, Dataspace I will repeat questions to ensure everyone can hear
Contact information
[email protected] www.dataspace.com
SLIDE 49