Impact of changing Oracle view used by crystal report in CE

[marko51]

We used to have direct access to the SQL where clause and implemented a unique row-level security scheme by specify a tailored where clause for each user running a report. We would do this on an NT box and deliver the report to the desktop.

We went to crystal enterprise and tried to implement the same appraoch but changing the oracle view on the fly before instantiating the report through the crystal API. Everything seemed to be fine until we discovered that even tho we created new instances of the report, crystal wants to give everybody access to a single version of the data which it overlays/refreshes in via pageservre->cacheservre time and again, so that users start to see follow-on users data.

Any ideas on how we might work around this problem, besides the obvious -don't use crystal if this is what you want to do.

Thanks.

 

[FVTrainer]

Are you saying that if you have a report with two instances and User A looks at Instance #1 and User B looks at Instance #2, User B will actually see data from Instance #1? That does not sound right at all. How are users viewing the instances (ePortfolio or your own csp pages)?

 

[marko51]

We're using an integrated approach where we've started with crystal's jsp interface and placed the calls to Oracle within that.

Seems like we are not creating a new instance of the report, rather just refreshing the existing report and what we need to do is to <<<truly>>> create a new instance of the report and drop it in the user's personal folder.

Thanks.

 

[FVTrainer]

So...now that you've identified an approach to solve your problem, do you still have a question?

Another thought, apart from creating a new instance, is that when you call an instance, you can pass a filter, so that you only see specific data from that instance. In other words, if an instance has data for dept's A, B, and C, and the user should only see dept C data, you can inlcude a filter on the call to the instance and the user will only see the data he is supposed to see. The key would be that there would have to be a field in your report that would be usable for this purpose. Not knowing your report or security issues, that may be easier said than done.

 

[marko51]

Sorry, working with many theories and approaches.

Background: we are not taking advantage of the filtering capabilty you described. Aware of it, but, we spent way to much time just converting the reports we had and getting the environment setup to run on Solaris w/WebLogic jsp container with an understaffed, inexperienced team.

We have where clause such as &quot;dept LIKE '50%'&quot; which would be a list of 60 different depts. Can filtering provide that type of functionality?

Our problem may be related to the fact that most of our parmeters are not Crystal parameters. We build them into the Oracle view on the fly thru JDBC. So, Crystal doesn't pick up on any difference.

Our near term solution is to put the params into the reports and put the WHERE clauses into the Crystal SQL. When we wrote our Java code we set it up so there would be little maintenance when/if we made this cutover.

However, from a peformance point of view, I think we defintiely want to investigate using filtering and find out whether we can.

Thanks again.

 

[FVTrainer]

Below is a URL used to call an instance. Notice the last part of the URL includes an &quot;SF&quot; argument. This argument is the filter and can use like logic:

http://dell-laptop/crystal/enterpri...nnect&id=217&SF={Customer.Country} like 'US*'

Instead of &quot;%&quot; for the wildcard, it takes &quot;*&quot;.