How to restrict the access of a web application user to particular dimension members
Here is an example created in the sample database “pwsample” regarding how to use “INDEX USER-CASE-ENDINDEX” statement to restrict web application users’ access to particular dimension members so different users could have a different view when accessing the same scorecard (For example, User1 takes charge of all the stores of Boston and this user should not have the access to the data of stores in Miami.)
1. Create two PAS users with properties similar to the default user “Guest”, “Guest1” and “Guest2”.
2. Use the PAS model “HFPBM” in exclusive mode. Create a procedure named “Security” in the PAS model “HFPBM” with the following
…Guest1 is restricted to Boston on Store dimension
…Guest1 is restricted to Women and members below Women on PRODUCT dimension.
SELECT PRODUCT Women
SELECT PRODUCT plus Below Women
SELECT STORE Boston
… Guest2 has the full access
…Guest has no access to any dimension members.
SELECT PRODUCT NONE
SELECT STORE NONE
SELECT CUSTOMER NONE
3. Exit PAS.
4. Modify the model connection of HFPBM, add more Application Server Connections, “Guest1” and “Guest2”. Assign the web application user “SSM_USER1” to “Guest1”, and the web app user “SSM_USER2” to “Guest2”.
5. Connect to the context “Fashion Enterprise” in the sample database “pwsample” separately through “SSM_USER1” and “SSM_USER2”. Compare the difference.
Scorecard of the user “SSM_USER1”
Scorecard of the user “SSM_USER2”