In my WebI Report I would like to print the Author or the Last modified User name.
How can I obtain it?
Have a look at the manual Using functions, formulas and calculations in Web Intelligence, which contains a reference information regarding functions you'd need to retrieve this information. You can find the manuals for your specific version of BusinessObjects on help.sap.com.
The functions you're probably looking for are DocumentOwner() and DocumentAuthor().
Update:
While you can't retrieve the user's full name in Web Intelligence, there is a workaround, provided that
You're using third-party authentication (e.g. Windows AD)
You're able to pull the full name from that source into the CMC
If so, you can use User Attribute Management to define a new user attribute in the CMC and then create a new dimension in your (UNX) universe which uses the #Variable to get in the new user attribute value.
From the IDT manual (paragraph 18.3.6 About #Variable, version BI 4.1 SP5):
To reference a User Attribute, specify the internal name for the at
tribute as it is defined in the CMC. #Variable returns the value of
the attribute for the current user. For example, the User Attribute
MYCOUNTRY contains the value of the country of each user in the CMC.
Specify the attribute's internal name surrounded by single quotes:
#Variable('SI_MYCOUNTRY')
The attribute’s internal name is defined when the attribute is cre ated in the CMC
User Attribute Management is described in the Administrator Guide, paragraph 6.2.17 Managing attributes for system users (version BI 4.1 SP5).
Related
How to add users to LDAP Groups using PDI tool with the help of component "LDAP Output"?
You need to input steps: One to read the users and one to read the groups. How you join these two step depends on the LDAP server you use.
You can either join:
through the memberof attribute of the user. This is what ActiveDirectory does.
or by the member attribute of the group. This is what most Unix-based diretory servers do,
In either case the attribute contains the distinguished name of the other entity (e.g. memberOf refers to the DN of group he is a memeber of).
We have a cube where we implemented the dimension data level security based on ROLE. This security is working fine where we are restricting the user to see his records only. Now the Customer dimension has another Employee attribute. Based on the value of this field we want to restrict other dimension attributes. Like in the below example Manager_Id is the attribute that should be masked. We want to mask the attribute value of this field with "Employee” so that the restricted user only sees a masked attributes value.
Note: Both the attribute from the same dimension
User is allowed to see employee data
Name Manager_ID
Jon 123456
If the User is not allowed to see then the attribute value needs to be masked with Employee
Eg:
Name Manage_ID
Jon xxxxx
Thanks
Jay
If I'm interpreting your question correctly you're trying to disable a value in a dimension based on the user querying the dimension/cube. Unless you've build your own version of excel where you would add those overrides you should use different roles for the different types of users that use your application.
While I don't know how and if you can mask a value, you can use attribute security to disable the role from viewing the contents of a certain attribute of a dimension.
To do this from SQL Server Management Studio you can open the properties of a role, go to the dimension data tab and select the cube and dimensions you want to filter.
Warning: you can't disable values in a dimension, then the user will still be able to query them, you'll need to scroll down to the cubes and edit the dimension there.
(it's a long list of first your dimensions and then your cubes which can be extended to show the cubedimensions, which are the only thing relevant to us right now)
When you have the correct dimension you can select an attribute Manager_ID in your case and disable all values a user shouldn't be able to see. You can do this by unchecking all restricted values or deselect all members and then click the ones that should be available. That all depends on your useCase.
The result of this will be that when opening the dimension from excel or powerBI the disabled values won't show.
I hope this helps and good luck.
I want to know if it is possible to show different dimensions attributes depending the locale identifier.
That is the connection string using ADOMD.NET.
string connectionString = "Provider=MSOLAP;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=Catalogo;Data Source=SQlserver;Locale Identifier="+language;
For example if I connect with language = 3082(ES), I want to show only one dimensions attribute, and if y change the language i will show another.
Translations inside Analysis Services let the cube developer define the Spanish (and other languages) translations for metadata and the actual dimension member names. Is that what you want? Or do you want to trim down the list of dimension members a user sees based upon the language of their computer?
I don't know of a way of easily retrieving the current Locale Identifier on the current connection. Maybe a .NET sproc that runs inside SSAS would let you figure this out, but I'm not sure I'd recommend that.
I tried creating a role in the Adventure Works sample cube which uses this expression for the Dimension Data security on the [Geography].[Country] attribute:
Filter([Geography].[Country].[Country].Members,[Geography].[Country].CurrentMember.Name = [Geography].[Country].CurrentMember.Member_Caption)
That code is just a conceptual test not something you'd use as is. That code, if it worked, would only let a user see any countries where the translated name (Member_Caption) matches the English name. For example, in the Adventure Works cube, Canada is the english name and Canada is also the Spanish translated name for the country. But that code didn't work because I believe the translations aren't in effect at this point in the connection when the role based security is applied.
So I'm struggling to see how you can accomplish what you're wanting. Maybe someone else will have an idea.
I am working to create a Java based RESTful API that uses Spring MVC.
Now for some of the API endpoints-- multiple different parameters are required... I am not talking about a list of values-- more like parameter1, parameter2, parameter3, parameter4 and so on-- where all the 4 (or more) parameters are of different data types as well.
How do I design the API endpoint URL for the above scenario, eg for 4 separate input parameters? Is there any recommended way/best practice for doing this? Or do I simply concatenate the 4 values, with ach pair of values separated by a delimiter like "/"?
EDIT from user comment:
Example: I have to retrieve a custom object(a 'file') based on 4 input parameters--(Integer) userid, (Integer) fileid, (String) type, and (String) usertype. Should I simply create a REST Endpoint like "getfile/{userid}/{fileid}/{type}/{usertype}-- or is there a better (or recommended way) to construct such REST endpoints?
In REST start by thinking about the resource and coming up with immutable permalinks (doesn't change)to identify that resource.
So, in your example (in comment), you said you want to retrieve a file resource for a user and type (file type or user type?)
So, start with just enough information to identify the resource. If the id is unique, then this is enough to identify the resource regardless of the user who owns the file:
/files/{fileId}
That's also important as the url if a file could change owners - remember we want to identify the resource with just the components needed so it can be a permalink.
You could also list the files for a specific user:
/users/{userId}/files/
The response would contain a list of files and each of those items in the list would contain links to the files (/files/{fileId})
If for some reason the file id is not unique but is unique only in the context of a user (files don't change owners and id increments within a user - wierd) then you would need these components to identify the resource:
/users/{userId}/files/{fileId}
Also note the order based on the description. In that wierd case, we said the files are logically contained and IDed by the user and that's also the containment in the url structure.
Hope that helps.
A GET request to file/{usertype}/{user}/{type}/{fileid} sounds good
I can succesfully authenticate my application with ApacheDS
But now i use only one domain.
I want to add subdomains or sub organizations under root domain.
For example a root organization as
dc=example,dc=com
and sub organizations dc=x
another sub organization dc=y
Now i can authenticate users using uid attribute
like:
user-search-filter="(uid={0})"
i use login name like user1, without an # extension
But i want to have suborganizations and i want to use user1#x.example.com
Is it possible and how?
My application is a spring application but i think subject is independent from my application side.
The attribute defined in the LDAP standards track for email addresses is mail, rfc822mailbox, or 0.9.2342.19200300.100.1.3 as defined in RFC4524. Perhaps your filter should be an attribute assertion using one of those types, for example, user-search-filter="mail={0}".
I am not sure what is meant by "manually". LDAP does not have a concept of organizations, only entries that might belong to an organization. These entries might have a mail attribute if the entry belongs to an objectClass that allows or requires the mail attribute. In other words, if your filter is mail={0} (which might become mail=user1#x.example.com), then a search using that filter (given the appropriate base object and scope) will return all entries that have a mail attribute with the value user1#x.example.com irrespective of where that user is located and irrespective of the value of the uid attribute.
If the users in an organization can identified some other way, perhaps by organization or other attribute, then the filter could be:
(&(uid={0})(o=x))
or
(&(uid={0})(o=y))
One way or another, the users' entry must be identifiable by the contents of the entry. The primary key in an LDAP database is the distinguished name (uid=abc,dc=x,dc=example,dc=com) but attributes in the entry can be used to tighten the filter. Some alternatives are:
use unique identifiers (all uid or mail values are unique in the database, therefore, only one is ever returned to a search request)
use an attribute to identify users in an organization (like o in the example filters above)
use a dynamic group to generate a list of users in an organization.
consider using an extensible match filter to make values in the distinguished names be part of the filtering process
see also
using ldapsearch - the article is about the ldapsearch command line tool, but the concepts are useful when constructing search requests
mastering search filters