Sunday, December 12, 2010

OBIEE Column Level Security with Grant Total

Two users UserA and UserB were used for this sample.

UserA belongs to Non Sales group.
The column level security is applied over Non Sales group, so users from Non Sales group cannot see the Quantity sold column.

UserB do not have any restrictions.

For UserB,

Same report for UserA,

The grant total value of Amount Sold column is displayed at the column which is hided for the UserA. Usually when we enable column level security that column will be pushed to end, that is the reason for this.

To get the correct format with same functionality.

Remove column level security from RPD Quantity Sold column from RPD presentation layer.

In logical layer go to the LTS, In column mapping write the case statement like shown below,

Now for UserA,

For UserB the report will show all values for the quantity sold column.


Sunday, December 5, 2010

OBIEE Data Level Security - Session Variables

This example is based on SH schema tables.
A new table created for storing user details.The user details where stored in a database table as shown below,

The two users used for this example are UserA and UserB.

Create the Initialization block for populating the group session variable.

This will populate the group values (REGION, PRODUCT in the GROUP session variable based on the user).

Create another session variable to populate the data value for the group.

This will populate the data value for each group based on user.
Now create two groups REGION, PRODUCT in the RPD.

Now go to Group REGION -> Permissions
Go to filter tab ->Add the logical layer table for applying the filter.

Similarly add the filter over other table as well wherever the filter needs to be applied, In this the filter applied over Sales (fact) table as well.

Add filter over the Product group as well based on the table.

Now when a user with no data level security logs in

For UserA,

For UserB,

If UserB selects the following column

Since this did not have product or region table column then also the filter will be applied because we have added the filter over the Sales table for both REGION and PRODUCT group.

The physical query for the above criteria will have this additional filter for region and products.

In the above physical SQL the filters for Region and Product is applied. Like this we can add other table also in the group to enforce the filter to be applied over the tables.