I have a BSO cube and it's Org hierarchy is set like below:
Org:
totalUS
US
US retail
Us non retail
A1
B1
C1
D1
D_001
the user group should only see data for #IDescendants(US non retail) and Idescendants(D1).The user wants totalus hidden too.
My Maxl script is:
grant read on database 'Test'.'Test' to group 'Test';
create or replace filter 'Test'.'Test'.'MetaTest'
meta_read on '#IDESCENDANTS ("US non retail"),#IDESCENDANTS("D1")' ;
grant filter 'Test'.'Test'.'MetaTest' to group 'Test';
Still my Smart view pull shows data and member name for totalus,totalus is sibling of A1,B1,C1,D1.
Please help me!
You need to change your filter to disallow access to the #IDESCENDANTS("TotalUS") and then have the metaread. Just because the metaread focuses on a different hierarchy doesn't mean that you've addressed the other elements in the hierarchy, which is what you need to do. The Essbase admin guide talks about some of the fundamentals of filters, including this.
Related
I have a BO4.1 environment that has been build by my predecessor (who is unreachable).
There are 2 universes.
Both are based on the same sourcetable.
Both contain the same clientdata (name, adress SSN).
I have two usergroups: TESTUSERS (standard-user) and POWERUSERS (admin)
When making a report through Webi usersin the group TESTUSERS can see the SSN in Universe A but cannot see the SSN in Universe B. TESTUSERS should not be able to see the SSN in Universe A.
POWERUSERS are allowed to see that data.
For the love of StackOverflow I cannot find out how to the SSN is hidden in universe B (how it should be). How do I hide/show dimensions based on the group the login belongs to?
To be clear: the SSN should not be selectable for group TESTUSERS when creating/modifying a report. This question is not about how to hide the SSN in reports
For unx universes, objects can be hidden from certain user groups via Business Security Profiles. In IDT, go to Window -> Security Editor, and log in to the session that the universe is in. In the "Universes / Profiles" dialog, navigate to the universe that currently has the restriction applied. Underneath that universe should be at least one security profile. From here, you can edit it or view/change the groups it applies to. To add the same restriction to the other universe, select that other universe and then click the "Insert Business Security Profile" icon above the universe list.
I am retrieving users for Active directory in Jira 7 by using LDAP. I am trying to reduce the number of users brought from LDAP to a particular group that we have created. So in order to do that i put (objectCategory=group)(cn=WebAgileDevs) in the group object filter along with the default settings. The only thing i change is the Base DN and credentials required. When i save and test it does show me that it is testing 1 group and 15 users which is what i want!(See the screenshot). BUT, when i go and sync it, it brings in 43000 users!! What am i missing???
Test Remote Directory Screenshot
The group filter is used to filter the list of groups that are imported to JIRA, and the user filter is used to filter the list of users that are imported to JIRA. The two need not necessarily correspond. Your group filter would be instructing JIRA to bring in only that one group (into the list of groups), but without further refinement, your user filter will still be pulling in all users, as you noticed. This means that you need to adjust the user filter too.
From your question, you want to import only those users who are a member of a specific group. Atlassian provides some general guidance here.
The last example on that page is particularly relevant for you:
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=CaptainPlanet,ou=users,dc=company,dc=com))
This tells JIRA to pull in only those user objects that are a member of the group cn=CaptainPlanet,ou=users,dc=company,dc=com. You would want to replace this with your cn=WebAgileDevs (plus whatever trailing qualifiers you need to fully qualify the group name).
I'm trying to create a view in CRM 2011 that will show a few columns from Customers (Account), Orders (SalesOrder), and Order Products (SalesOrderDetail). I already know I need to start at the child-most entity so under Advanced Find I select "Order Products" under Look for. When I do this I'm able to select columns from Orders but unable to select columns from Customers.
Is this even possible to accomplish in CRM?
I'm trying to create the following result set:
Account.Name,
Account.Email,
SalesOrder.OrderNumber,
SalesOrderDetail.NetAmount,
SalesOrderDetail.ShipDate
I verified that you cannot manually add a second link within a view query. To my knowledge it is also not possible to add these columns though javascript. You can get the account name in your view simply by using the account lookup on the Order. If you need for the account email to also be in the view, then I suggest you add this field to the order entity and populate it with post callout logic on the account.
I Second Zach’s idea, but suggest adding a direct relationship between customer and orderdetail . This way you can use fetchxml to show account.email or any other account.* for that matter.
The downside is you’ll need to sync order.customer changes to orderdetail.customer.
The better option is to simply create a report and show that in an iframe or a webresource.
This is not possible even if we edit the fetch xml it wont work
I have question related to business rules. Let's have a entity Account with some properties (amount, name, type etc.) on which we define business rules.
I store my rules in database table as follows
Rule_id | Field | Operator | value .
Rule can be like , amount > 1000, name ="abc", type="x" etc.
Rules are grouped and mapped to a user.
Account are created in system, and admin has to approve them. When admin login based on his rule set, admin should see relevant accounts.
Like if admin rule set is amount>500, then any account less 500 is not shown to him.
My question is best way to implement it in database, how to query so that relevant accounts can be fetched depending on underlying rule set.
create a user table something like this
users
userId | Username | UserType | Rule_id
when a user log-in, join the user table with rule table on Rule_id
and generate the condition using a query like this
select 'Select * from Account where '+Field+Operator+value from rules
where Rule_id=1
The result of this query will give another sql query on executing the same will fetch the accounts that are accessible for that user
result of the above query
Select * from Account where amount>1000
What you describe is quite similar to Oracle's Fine-Grained Access Control (AKA Virtual Private Database). This is primarily a security tool, but it could be used to enforce generic business rules. Find out more.
Even if you choose not to use FGAC (or can't because you don't have Enterprise Edition) it will give you some hints about how to implement a solution: use sys_context and namespaces to hold the rules, and views referencing sys_context functions to enforce them.
I am attempting to create a report that contains a list nested within another list to produce the following layout:
User name: Bob
User info: Interesting stuff about Bob
Permissions: Administrator
SuperUser
User
User name: Next user
etc...
The data looks like this:
UserName Details PermissionName
Bob Interes... Administrator
Bob Interes... SuperUser
Bob Interes... User
NextUser More stuff User
In my example I am trying to display the user details using a list and then to display the permissions using a second list embedded within the first list. I decided to do this because there are a variable number of permissions that can be assigned to a user. However this approach doesn't seem to work.
Is there a better way or am I just missing something really obvious?
how about using a sub report for the 2nd set?
You can also use a table control and group your data on "UserName" with the detail grouped on "Permission".