This lets you limit who can see what.
How about a more complex case... when users can see aggregate data of higher levels but are only allowed to see certain members of a lower level.
e.g.
Sales is a measure that is associated with a Branch dimension.
Users from each branch are allowed to see the sales of their own branch and the aggregated total sales accross all branches - ``Branch(ALL)'' as Cognos calls it.
If we put a security filter on the Branch dimension or the Sales measure then we filter out all the data, so the aggregate value will only show one branch.
(At least that's what's gonna happen with a DMR model.)
What should we do?
I couldn't figure out a good answer for this problem other than not having data level security in the model.
The security can be implemented in the reports by enforcing some prompt based filter and limiting the selections based on the user's access etc.
This won't help much if you're willing to use tools like Analysis Studio where the user can directly interact with the model.
Posts
Hi,
ReplyDeleteLooking at this. Have you identified any solution to apply data level security in a DMR model.
Thanks,
Jay
Yes...and no
ReplyDelete;-)
In one implementation I just relied on filtering the possible choices on the prompt page.
I have bad feelings about it, it's not the most secure... can be tricked probably.
Depending on how you are generating the queries for the DMR you can enforce filters in the model...
meaning on thr SQL level, not on the dimensional level.
One other way is to put a simple encapsulation based upon the group/role. In other words, in FM lets say you want aggregation at Country level but at City level certain groups can perform aggregation and other cannot see the details.
ReplyDeleteImplementatoin, [City] data item could point to Country if user belongs to say a Group = "DisAllow Aggregation". Otherwise point to [City] itself.