Hello,
Having just migrated to BOXI I'm in the process of trying to overhaul our BO access/security and enforce row level security on our database for both connections through Universes (webi and CR) and directly to the database (CR).
I have a solution for the Universe part of this: using the 'Enable Datasource Credentials for BO Universes' option I've been able to associate my BO users with seperate db users which I then use in the db to control the data that each user can see.
This works fine but I'm now trying to achieve the same thing for CR's on InfoView with a direct ODBC db connection (as opposed to going through the Universes).
I can force the user to enter db credentials when they schedule a report which can then be used to control the data returned (as for the Universes), although this isn't ideal as I'll end up issuing all users with seperate BO and db log-ins which I'll then have to manage (not a problem for the Universes as the users will never see the db credentials).
But even if I do this I don't seem to be able to find a way to restrict access to the instances; so if user1 and user2 have different rights in the database but can both access the same report and user1 runs an instance there's nothing to stop user2 viewing it and seeing data they shouldn't.
Creating seperate reports and/or folders is one option but we have 200 reports so I don't really want to go this route.
If anyone has any ideas I'd be grateful.
Having just migrated to BOXI I'm in the process of trying to overhaul our BO access/security and enforce row level security on our database for both connections through Universes (webi and CR) and directly to the database (CR).
I have a solution for the Universe part of this: using the 'Enable Datasource Credentials for BO Universes' option I've been able to associate my BO users with seperate db users which I then use in the db to control the data that each user can see.
This works fine but I'm now trying to achieve the same thing for CR's on InfoView with a direct ODBC db connection (as opposed to going through the Universes).
I can force the user to enter db credentials when they schedule a report which can then be used to control the data returned (as for the Universes), although this isn't ideal as I'll end up issuing all users with seperate BO and db log-ins which I'll then have to manage (not a problem for the Universes as the users will never see the db credentials).
But even if I do this I don't seem to be able to find a way to restrict access to the instances; so if user1 and user2 have different rights in the database but can both access the same report and user1 runs an instance there's nothing to stop user2 viewing it and seeing data they shouldn't.
Creating seperate reports and/or folders is one option but we have 200 reports so I don't really want to go this route.
If anyone has any ideas I'd be grateful.