Security Profiles in IDT
There are basically 2 main Security Profiles that can be set at the Universe level.
Data Security Profile
Business Security Profile
This document explains how to set these Security Profiles in detail.
Data Security Profile :
- In the data foundation layer, make sure that the table which maintains the BOBJ users info is linked to other table.
- Save the data foundation layer.
- Then in the tool bar that is available at the top, Click on the Security Editor icon.
- Once Security Editor is clicked, it prompts for a session login. Click on “OK” and then it opens the required editor.
- Then it shows the list of Universes published to the repository.
- Select the required Universe on which you need to do the necessary changes.
- Once the Universe is selected, the icon on the top gets enabled.
The intention here is to insert few conditions at the Universe level which will be reflected directly at the Reporting level.
Let us now consider an example wherein we need to show only specific country name to specified Users.
And that data has been maintained in a separate table.
So now if user A logs in, he will be able to see only data pertaining to India.
And a User F who has not been included in this restriction logs in he will be able to see all the data (no restriction will be applied).
- In the rows tab, we need to include the table on which we need to make the restrictions.
- Once the table has been added, we need to specify the “WHERE” clause wherein we need to specify the conditions that needs to be applied.
- Now that we have added the condition, just click on ‘OK’ to continue.
- The main part now is to add the USERS to the particular Security Profile so that these conditions are applied on them.
- Once Users are added, save it, and publish the Universe for the changes to apply.
- Login to reporting tool and create a report to validate.
Business Security Profile
Business Security Profile is basically used if we need to do any folder level restriction for a particular users or group of users so that the user will be able to see only those folders for which they have been given access.
Steps to be followed:
- This security profile, has 3 main tabs : Create Query, Display Data and filters
- Under Create Query, we need to include the Business layer views that have been created at the Data foundation layer.
We can insert the views that the user needs to view by using the “Insert Granted” button and can do the same to deny access to other views by “Insert Denied” button.
- Under the Display Data tab, we can add the folders to be required to view at reporting level by inserting granted and it is mandatory
- Under Filter tab, we can create our own filters so that data gets restricted at the Universe level only rather than at the report level.
Once all the required changes have been done, it is important to add the users to this Business Security Profile so that these restrictions will be applied to those particular users.
After adding the users, save the security editor and login to Webi to check the restrictions.
Is it possible to mask a BL object value for a specific user/gruop?
For example there is a measure and i used it in a report. I want to hide the value of the measure if a specific user/group runs the report and shows the value for other users.