row-level security

[tpaddack]

Thanks in advance for any help.

I do apologize for the size of this question, but I could sure use some help and it does not seem to be coming from Crystal.

We are starting an effort to implement row-level security on our reports and I really have no clue how to do it. Due to licensing fee issues, our are using Crystal Enterprise without named users and we would like to find a way to enforce row level security on the dbase which we are reporting.

We are using a single signon (as Administrator) from our web app and would like to pass our application's userid to a hidden parameter for which to run the report. This parameter would then be used to enforce security based on the business logic in the dbase. This way the security layer is invisible to our customer's CE Admin.

Has anyone done this? Does anyone know a good place where I can see an example of this? Reading the forums, it looks like using URL reporting might be a good way to go, but that would mean I'd have to do some serious recoding of our version of CE's ePortfolio.

All ideas are welcomed.

Thanks Mucho,

EZT

 

[tpaddack]

How much work did the Business Views entail?

One reason we chose not to use them was because we were not using named users, but using a single signon for all users with 5 CALs. So using the Business Views did not seem relevant. We would have had to re-architect the linkage between our version of ePortfolio and our application.

Also, the user mapping between our application and the Enterprise server looked like it would be a challenge.

 

[rb2005]

I had to create business filter and set rights. But the thing is I have same number of users who see the reports. I was wondering if there is any way I can use same filter for all reports.

 

[cmmrfrds]

rb2005, did you set up each user separately in the Filter?

 

[moonknightt]

Concerning row level Security.

I have a couple of reports users acess via an application, Instead of directly through CE this is because I do not want these users to view other reports in the folder, since they may not be authorized and could raise a security issue.


Is there a way to prevent users from accessing reports that they are not authorized to see without creating different reports fro different users or different forlders for different users.

What i have in place is a parameterized report that ask for a passcode that is pulled from a view in the database. Kind of like a secret word and only those that enter this word coreectly can view the report.

In the application this word is passed directly to the application calling the report so the users are not aware there is a passcode. If they go directly to enterprise they are able to view the parameters.


Is there a better way to do this because my passcode view is not related to the main view in any way and it is a single line view with only one pass code.such as

View

Passcode
123*IO

 

[cmmrfrds]

Putting in security by value at the database level will cover all sources.

 

[rb2005]

cmmrfrds,

I have created one filter for all users. I have one group for all external users. I have created one filter in Business View and set the rights to the group. This is running fine. But I can not use the same filter for all my reports because they are using different foundation.

RB