I have a BO4.1 environment that has been build by my predecessor (who is unreachable).
There are 2 universes.
Both are based on the same sourcetable.
Both contain the same clientdata (name, adress SSN).
I have two usergroups: TESTUSERS (standard-user) and POWERUSERS (admin)
When making a report through Webi usersin the group TESTUSERS can see the SSN in Universe A but cannot see the SSN in Universe B. TESTUSERS should not be able to see the SSN in Universe A.
POWERUSERS are allowed to see that data.
For the love of StackOverflow I cannot find out how to the SSN is hidden in universe B (how it should be). How do I hide/show dimensions based on the group the login belongs to?
To be clear: the SSN should not be selectable for group TESTUSERS when creating/modifying a report. This question is not about how to hide the SSN in reports
For unx universes, objects can be hidden from certain user groups via Business Security Profiles. In IDT, go to Window -> Security Editor, and log in to the session that the universe is in. In the "Universes / Profiles" dialog, navigate to the universe that currently has the restriction applied. Underneath that universe should be at least one security profile. From here, you can edit it or view/change the groups it applies to. To add the same restriction to the other universe, select that other universe and then click the "Insert Business Security Profile" icon above the universe list.
Related
So I am trying to Enroll a user in a section for a particular org unit (Course)
This all works fine and I can add them into the section etc using:
POST /d2l/api/lp/(version)/(orgUnitId)/sections/(sectionId)/enrollments/¶
But the issue is, I am only able to POST one attribute, user ID. I need to be able to post the RoleID as well so I can specify whether they are a student or staff, as it assigned them 'teacher'.
Is there a way to do this / a different approach?
Cheers,
Alex.
Enrollments in Sections and Groups are effectively treated as special sub-components of a Course Offering; the APIs that let you enroll a user into a Section or Group therefore assume that you want to take the user/role enrolled in the parent course offering and "assign" them to this Group or that Section (with the same enrollment role).
You are correct that if you want to have them enrolled with a different role, you should instead use the general enrollments API (assuming you have permissions; your calling user context may well have permissions to assign a user to a group or a section, but not to enroll them generally).
I am retrieving users for Active directory in Jira 7 by using LDAP. I am trying to reduce the number of users brought from LDAP to a particular group that we have created. So in order to do that i put (objectCategory=group)(cn=WebAgileDevs) in the group object filter along with the default settings. The only thing i change is the Base DN and credentials required. When i save and test it does show me that it is testing 1 group and 15 users which is what i want!(See the screenshot). BUT, when i go and sync it, it brings in 43000 users!! What am i missing???
Test Remote Directory Screenshot
The group filter is used to filter the list of groups that are imported to JIRA, and the user filter is used to filter the list of users that are imported to JIRA. The two need not necessarily correspond. Your group filter would be instructing JIRA to bring in only that one group (into the list of groups), but without further refinement, your user filter will still be pulling in all users, as you noticed. This means that you need to adjust the user filter too.
From your question, you want to import only those users who are a member of a specific group. Atlassian provides some general guidance here.
The last example on that page is particularly relevant for you:
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=CaptainPlanet,ou=users,dc=company,dc=com))
This tells JIRA to pull in only those user objects that are a member of the group cn=CaptainPlanet,ou=users,dc=company,dc=com. You would want to replace this with your cn=WebAgileDevs (plus whatever trailing qualifiers you need to fully qualify the group name).
We have a cube where we implemented the dimension data level security based on ROLE. This security is working fine where we are restricting the user to see his records only. Now the Customer dimension has another Employee attribute. Based on the value of this field we want to restrict other dimension attributes. Like in the below example Manager_Id is the attribute that should be masked. We want to mask the attribute value of this field with "Employee” so that the restricted user only sees a masked attributes value.
Note: Both the attribute from the same dimension
User is allowed to see employee data
Name Manager_ID
Jon 123456
If the User is not allowed to see then the attribute value needs to be masked with Employee
Eg:
Name Manage_ID
Jon xxxxx
Thanks
Jay
If I'm interpreting your question correctly you're trying to disable a value in a dimension based on the user querying the dimension/cube. Unless you've build your own version of excel where you would add those overrides you should use different roles for the different types of users that use your application.
While I don't know how and if you can mask a value, you can use attribute security to disable the role from viewing the contents of a certain attribute of a dimension.
To do this from SQL Server Management Studio you can open the properties of a role, go to the dimension data tab and select the cube and dimensions you want to filter.
Warning: you can't disable values in a dimension, then the user will still be able to query them, you'll need to scroll down to the cubes and edit the dimension there.
(it's a long list of first your dimensions and then your cubes which can be extended to show the cubedimensions, which are the only thing relevant to us right now)
When you have the correct dimension you can select an attribute Manager_ID in your case and disable all values a user shouldn't be able to see. You can do this by unchecking all restricted values or deselect all members and then click the ones that should be available. That all depends on your useCase.
The result of this will be that when opening the dimension from excel or powerBI the disabled values won't show.
I hope this helps and good luck.
I'm trying to modify the access control list of Leave Requests to approve under Leave managements module.
I need to make the Leave Requests to approve menu only accessed by each employee's manager.
ea. if the company has 10 employees under Sales/marketing and 5 employees under IT department. I need the sales manager access his 10 employees' leave requests only and not able to access the rest of company's employees who are not under his authority.
To do it, I modified the record rule domain definition of Leaves officer from [(1,'=',1)] to [('employee_id.parent_id,'=',user.id)]
but it didn't work. How to fix it?
In Your case basically your are totally pass the wrong domain for the record rules.
You are previously using the domain like
[(1,'=',1)] = > Access the all the model record for that model
[('employee_id.parent_id,'=',user.id)] = > Access the Manager parent_id as current user employee only
But in your are accessing only with the manager user only not to access its related user.
so you must have to add the below domain in your record rules:
['|',('employee_id.user_id','=',user.id),('employee_id.parent_id.user_id','=',user.id)]
Basically the manager its self as employee of the company and employee having to attached with its related user.
first Need to understand the following relation :
1. employee_id :
which is indicate the each leave related with one employee.
2. parent_id :
which is indicate the each employee related with one manager for hr.holidays model w[('employee_id.parent_id,'=',user.id)]particular model.hich is called the leave request
3. user_id :
If you want to access the login to the particular employee then and then you must have to set the related user for each employee form.which is labeled as Related User.
4. user :
Which is indicate the global user name means current user which you are currently logged in.
5.id :
means unique id for each record
In your case how the domain will work ?
first it will check the current logged in user as attached current leave employee related user or not.
and then then find the user ids which are having with the same employee attached with the same managers.
It means it will perform the OR operation of SQL Statement for both of the domain.
I hope my answer may helpful for you :)
I have a spreadsheet in excel with three headers:
Project Name
The name of a project i'm working on.
Requested Role
The job title/profession of the project employee. (example: mechanic, manager, engineer)
Name
The name of the employee.
When i click on the Person's name i want another page or tab (specific to this person) to appear showing details about them such as their name, job title, how long they worked, what project they are doing... etc. (similar to a Facebook profile)
When i click on the project name i want another page or tab (specific to this project) to appear showing details about it such as the requirements, the deadline, who is currently working on it... etc.
Furthermore, i would like to set up two levels of access:
Managers:
People who can add new information but not change or delete existing information
(write-only permissions)
Administrators:
People who can have full access to all information.
All highest level of access.
I don't know how i would go about displaying and/or organizing so much information in a vb.net application. if anyone could provide some suggestions as to some possible layouts of the GUI it would be greatly appreciated!
Additional Details:
For the specific pages i was thinking of using the tab control but i want it so that i can search through the list of projects or names, select one, and then it brings up the page about it.
The levels of access is the least of my worries... although it is still a worry.
You don't want to store that information in an excel spreadsheet, a database is much, much better. For what you've described here I'm going to assume that you have Projects and Employees, and that multiple Employees can work on a project. You'll need a few tables then:
Project
ProjectSeq 'Int - unique sequence for this project record
Name 'String - name of project
Descr 'String - description of project
... 'Various - other fields as needed
Employee
EmployeeSeq 'Int - unique sequence for this employee record
Name 'String - Name of employee
Title 'String - Job title of this employee
IsManager 'Boolean - Is this employee a manager?
IsAdmin 'Boolean - Is this employee an administrator?
... 'Various - other fields as needed
ProjEmpl
ProjEmplSeq 'Int - unique sequence for this project-employee record
ProjSeq 'Int - link to project record
EmployeeSeq 'Int - link to employee record
... 'Various - other fields that apply to this project-employee combination
Once you have your tables all set up and populated with data, you'll want to read the data and transfer it to your .NET application. There are a few ways of doing this, you'll have to decide which works best for your needs. I'm a big fan of DataSets, they always work nicely.
To fill the grid, you'll need to use a sql statement that fills a datatable from the three tables (I'm using notepad as my IDE, so this may not be exact):
SELECT pe.*, p.Name as ProjName, e.Name as EmplName, e.Title
FROM ProjEmpl pe, Project p, Employee e
WHERE p.ProjectSeq = pe.ProjectSeq AND
e.EmployeeSeq = pe.EmployeeSeq
To display the data to the end user, you would use a DataGridView control. Set the datagrid.DataSource to use the datatable you just populated and the data should show up.
To display the related Employee & Project information, I'd use a tab control underneath the datagrid. One tab for Project, and one tab for Employee. Use individual controls for each field in the table. When the user changes rows in the datagrid, load the related Project and Employee information for that row into two datatables and populate the controls from that.
Lastly, to set permissions on the program you'll need to have the employee log onto the application. Once they've logged on you can look them up in the Employee table, find out if they are a manager or an administrator, and set the permissions accordingly.