Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SHARING]Restrict Info-Assist Users to Business Views & Record limit

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[SHARING]Restrict Info-Assist Users to Business Views & Record limit
 Login/Join
 
MMcDonald
Gold member
posted
We are locking down our master files for info assist users (since we have over 3000 master files). Info Assist users are only allowed to report off of business views and reporting objects. They are also restricted to a record limit of 200k.
We have had issues with users running info assist reports wide open, forgetting to add a filter. Admins and Developers have unlimited access/rights for info assist.
This is our approach I implemented and thought I would share. All our business view masters are prefixed with “BV_”.
We are on version 8.0.09:
Part One - Displaying only business views for the Info Assist users:
1. create a universal profile in the admin console pointing to a profile focexec
_universal_profile=-INCLUDE ia_restrict_profile
2. ia_restrict_profile profile focexec code
APP HOLD WFMART
-RUN
APP FI IAUSER DISK foccache/IAUSER.FTM
-RUN
-* ************************************************************************************************
-* Get the list of Active Directory group membership for the user
-* ************************************************************************************************
-SET &LIST = GRPLIST(2000, 'A2000');
-* ************************************************************************************************
-* Determine if Active Directory group contains Admin or Developer
-* ************************************************************************************************
-IF &LIST CONTAINS 'RD-WebFocus_Admin' THEN GOTO UNLIMITED ELSE
-IF &LIST CONTAINS 'RD-WebFocus_Developer_User' THEN GOTO UNLIMITED ELSE GOTO ISLIMITED;
-* ************************************************************************************************
-* Set restricted variable and write to foccache for Info Assist Users
-* ************************************************************************************************
-ISLIMITED
-SET &&IAUSER='BV';
-RUN
-WRITE IAUSER &&IAUSER
-RUN
-TYPE &&IAUSER
-GOTO FINISHED;
-RUN
-* ************************************************************************************************
-* Set un-restricted variable and write to foccache for Admins and Developers
-* ************************************************************************************************
-UNLIMITED
-SET &&IAUSER='IA';
-RUN
-WRITE IAUSER &&IAUSER
-RUN
-TYPE &&IAUSER
-GOTO FINISHED;
-RUN
-FINISHED
-RUN
3. add a line in your eda prof from the reporting console to a restricted filter focexec. This will filer all masters that start with "BV" which denotes a Business View :
-SET &&IBI_IF_FILE= ia_restrict_if_file.fex;
4. Code for the restricted filter focexec - ia_restrict_if_file.fex:
WHERE '&&IAUSER.EVAL' EQ 'BV' AND NAME LIKE 'BV_%' OR '&&IAUSER.EVAL' EQ 'IA';
Part Two - 200k record limit for Info Assist users:
1. create a master profile
APP HOLD WFMART
-RUN
APP FI IAUSERCHECK DISK foccache/IAUSER.FTM
APP FI IARECORDS DISK foccache/IARECORDS.FTM
-RUN
-* ************************************************************************************************
-* Get the list of Active Directory group membership for the user
-* ************************************************************************************************
-SET &LIST = GRPLIST(2000, 'A2000');
-* ************************************************************************************************
-* Determine if Active Directory group contains Advanced or InfoAssit Plus User
-* ************************************************************************************************
-IF &LIST CONTAINS 'RD-WebFocus_Admin' THEN GOTO UNLIMITED ELSE
-IF &LIST CONTAINS 'RD-WebFocus_Developer_User' THEN GOTO UNLIMITED ELSE GOTO ISLIMITED;
-* ***************************************************************************************************************************************************************************************************
-* Set restricted variable and write to foccache : &&IAUSERCHECK equal to 'BV' means user is restricted to Business Views Only and &&IARECORDS restricts info assist users to a 200k record limit.
-* ***************************************************************************************************************************************************************************************************
-ISLIMITED
-SET &&IAUSERCHECK='BV';
-* you can change the record imit limit in one place and it will affect all business view masters that contain this master profile
-SET &&IARECORDS=200000;
-RUN
-WRITE IAUSERCHECK &&IAUSERCHECK
-WRITE IARECORDS &&IARECORDS
-RUN
SET PERMPASS=ISLIMITED
-RUN
-GOTO FINISHED;
-RU
-* ************************************************************************************************
-* Set un-restricted variable and write to foccache
-* ************************************************************************************************
-UNLIMITED
-SET &&IAUSERCHECK='IA';
-RUN
-WRITE IAUSERCHECK &&IAUSERCHECK
-RUN
SET PERMPASS=NOTLIMITED
-RUN
-GOTO FINISHED;
-RUN
-FINISHED
-RUN

2. Add master profile to business view master

FILENAME=bv_vw_account, SUFFIX=SQLMSS , MFD_PROFILE=wffex/ia_usercheck_profile , $

right under the master profile line add the following for the global variable "&&IARECORDS" you created in the master profile focexec

VARIABLE NAME=IARECORDS, USAGE=I8, DEFAULT=20, $
3. DBA Rules
at the bottom of your master add:
END
DBA=NOTLIMITED,$
USER=ISLIMITED,
ACCESS=R, RESTRICT=VALUE,
NAME=SYSTEM, VALUE=RECORDLIMIT EQ &&IARECORDS;,$

this will allow Admins and Developers unlimited access but will restrict info assist users to business views, predefined reporting objects and record limit of 200k.

Hopefully, this will be a solution for other admin/developers trying to restrict info assist users.
Thanks
Matt

This message has been edited. Last edited by: <Emily McAllister>,


8.0.9, Windows
excel / pdf
 
Posts: 89 | Registered: October 21, 2010Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SHARING]Restrict Info-Assist Users to Business Views & Record limit

Copyright © 1996-2020 Information Builders