Sunday, December 5, 2010

OBIEE Data Level Security - Session Variables

This example is based on SH schema tables.
A new table created for storing user details.The user details where stored in a database table as shown below,



The two users used for this example are UserA and UserB.

Create the Initialization block for populating the group session variable.



This will populate the group values (REGION, PRODUCT in the GROUP session variable based on the user).

Create another session variable to populate the data value for the group.



This will populate the data value for each group based on user.
Now create two groups REGION, PRODUCT in the RPD.



Now go to Group REGION -> Permissions
Go to filter tab ->Add the logical layer table for applying the filter.



Similarly add the filter over other table as well wherever the filter needs to be applied, In this the filter applied over Sales (fact) table as well.



Add filter over the Product group as well based on the table.



Now when a user with no data level security logs in



For UserA,



For UserB,



If UserB selects the following column



Since this did not have product or region table column then also the filter will be applied because we have added the filter over the Sales table for both REGION and PRODUCT group.

The physical query for the above criteria will have this additional filter for region and products.



In the above physical SQL the filters for Region and Product is applied. Like this we can add other table also in the group to enforce the filter to be applied over the tables.

Vino

3 comments:

  1. HI Vino,

    initialization blocks you created have to assign to some session variable rite..how you assigned PRODUCT and REGION variables IN FILTER..?can you please elaborate on that..?

    Regards,
    Kumar

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. Hi,

    where you create session variable & how to assign to session initialization block ? can u clarify?

    ReplyDelete