I was wondering if there is a was to check if the "Current User" (User!UserID) running the report is in a network group, from the dataset query of a report? Currently we are restricting access to data based on the "CurrentUser" by checking in the where clause of a SQL query, for example, if the CurrentUser is the "Creator" of a domain object. Based on this, if the CurrentUser is not the creator, then no data will be returned in the result set to the report. Now I want to add another condition in the where clause, which is, to check if the User!UserId is in a network group. Is this possible? If not, can anyone give any suggestions on whether I should be trying to accomplish this another way?
Maybe this will help. You can add an Active Directory server as a linked server and then use openquery() to execute requests.
https://web.archive.org/web/1/http://articles.techrepublic%2ecom%2ecom/5100-22_11-5259887.html
Related
I am working in oracle hcm fusion application. Writing a extract rule for a batch loader fast formula. in one of the extract rule formula i am using a DBI PER_HIST_ASG_ASSIGNMENT_NUMBER but it returning 0, that is no values in DBI. The problem is the DBI internally refer a secured view PER_ASSIGNMENT_SECURED_LIST_V. If I query this table from BI publisher I am not getting any rows. Some one suggest that Data role is missing. Can anyone tell me what is the exact datarole that I should add to acces the values from that DBI.
This View is based on security profile added in the Employment like BU,Department,Location etc.
So you try to retrieve the records from a Super User or Implementation user which is not attached any security profile, You will get the results.
Data roles are configured differently for each organization that is using the Cloud.
So you have to check with your application security consultant for the exact data role you need for this table.
I need my OBIEE Analysis report to be sent to 200 people( all are from different departments) through Actionable Intelligence Agent .
I need to filter the data based on department and send it. I was unable to put the condition in Agent.
Can I filter the data in Dashboard prompt and link the Agent with Dashboard??
Will this work out or any other suggestion for this case??
For those "filter by X and send it to Y" scenarios the best way (in my opinion) is to use BI Publisher bursting options. It's just the textbook case for that.
If you have to stick to the agents in OBIEE, consider enabling row level security for that data following your requirements. Then just configure the agent to send the analysis to the required people and row level sec should do the rest.
If row level security is too much effort, I guess you could play with some auxiliary analysis to filter your main report based on the department of the user. The idea would be the following:
Create a report with the department column in the criteria and a filter by user where the user id is equal to the presentation variable #{user.id} (this is a meta variable that is always available and contains the user logged in).
Filter your main report with a condition where department is based on the results of another analysis (the previous one), so it will return the right department for each user.
Configure your agent to be sent as recipient (not as a specific user) and use the analysis in point 2 as the content to be delivered
Set your 200 recipients manually or use a condition report to get them
Make sure that both analysis in points 1 and 2 are saved in a place where all the users can read them.
I'm quite sure that it will work too :)
Though to be clear, my first option will be BIP bursting followed by proper row level sec.
Hope it helps!
I am working for a hospital and must create a form which MDs can use to submit accounts of child abuse. I must use Microsoft Access.
I have created the form itself, but I must now create a way which information can be harvested from the form. For example, if the doctor inputs the age, where can I store this?
I know access works through fields, but not how to create them. Is it useful here to use excel?
Thank you.
Condolences on having to use Access :-) Been there, done that.
Access stores the data in "tables". A "form" is just a front end for entering or displaying table data. When a doctor enters the age, that field in the form needs to be linked to a column in the underlying table.
When you want to create a "report", you will first need to create a "query" that selects and sorts the data from one or more "tables". You can see the query results in a spreadsheet format while you are designing the query. Then you can create a "report" which is a formatted layout for the query results.
I would recommend a book like Access 2010: The Missing Manual to help you get up to speed on Access quicker.
As far as I know, all QuickBase API calls are called using the following syntax: http://<quickbase>/db/<dbid>?
Is there a way to get the dbid field without navigating to that database table within QuickBase?
If the above is not possible, would anyone recommend anything other than creating another table that stores the IDs of the tables you want?
With the latter method, I believe I would only need to store one dbid and could pull down the rest (which I believe would still need to be user entered, but would be better than requiring them to change the code).
Thanks for the help!
API_GetSchema will return the list of dbids.
https://www.quickbase.com/db/<yourApplicationId>?act=API_GetSchema&apptoken=<yourApplicationTokenId>&fmt=flat
The scenario : an Oracle 11g database containing some sensitive user data that could result legal liabilities if disclosed to the wrong party.
The desired effect : only a certain user, connecting from a certain IP, can see the column that contains this sensitive user data
I am not sure that hidden columns or virtual columns are the right ways to do this. It seems that Fine-Grained Access Control could help. I am not sure of what is the best solution. The restriction by IP is probably done at the listener level?
The question :
How can we restrict the visibility of a column so it is only available only to a specific user? All the other users would never see the column, not even when doing a "DESC TABLE_WITH_SENSITIVE_DATA"
Thanks for any tips.
Simplest way to do this is to create a view on the table that does not contain all of the columns. Don't grant select on the table, but only on the view.
The "proper" way to do this is with Fine-Grained Access Control (Virtual Private Database), which can replace the contents of columns with a NULL if certain conditions are not met.
See the example here: http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm#autoId17
You can probably build this sort of functionality yourself if you're feeling both impoverished and skilled.
Do you the ability to modify roles and create views? Perhaps you could create two separate views and grant access to two different roles for that table. All users that are restricted from seeing the sensitive data would belong to a "restricted" role and the others would have access to the "unrestricted" role. You would need to grant privileges on each view to the appropriate role.
It is important to note that there are restrictions on updating the underlying data associated with a view. As explained here, views that contain set operators, aggregates and GROUP BY DISTINCT and joins and not modifiable.