May 20, 2004, 05:36 PM
<pranas>Beginer's question on MRE
Hello gurus,
Is it possible to restrict MRE user group to see only dedicated synonims?
How?
That kind of auhentication possible? Is LDAP authentication mandatory?
Some examples?
Thanks,
Pranas
May 20, 2004, 07:16 PM
webfocuspgmYou might want to give a little more information in your post - Like what version are you using and when you say restrict is that to do adhoc or just run a standard report.
We are currently using 4.3.6 and I control access to the Master Files for adhoc purposes by setting up reporting objects inside domains. A user must be a member of a domain to access the reporting object to run an adhoc.
I know that you can also restrict access to master file descriptions by hardcoding id information in the master itself. Seems maintenance intensive to me but if that's what is needed.
May 22, 2004, 07:55 AM
<pranas>Hello webfocuspgm,
>Like what version are you using
5.2.5
>when you say restrict is that to do adhoc or just run a standard report.
Users must be capable to perform adhocks only from subset of available synonim.
There should be couple of user groups/domains with different subsets of fields.
>We are currently using 4.3.6 and I control access to the Master Files for adhoc purposes by setting up reporting objects inside domains.
>A user must be a member of a domain to access the reporting object to run an adhoc.
Thanks. I'll try that. Seems promising.
>I know that you can also restrict access to master file descriptions by hardcoding id information in the master itself.
>Seems maintenance intensive to me but if that's what is needed.
It seems very maintenance intensive
Thanks for advice,
Pranas
June 04, 2004, 09:52 PM
Denver RSEPranas,
You can restrict users to Domains and Groups from within the MRE User Administration.
You will probably want to create Reporting Objects within said domains - that way only users with access to the domain can use the Reporting Object to create their own Ad-Hoc reports.
Additionally:
Users can have differnt types of access inside a domain (i.e. HTML user (run only), ANALYTICAL user (ad-hoc), Schedule, Advanced, etc.
There are also Groups within User Administration, so a user can have access to one or many Domains, and also be part of one or many Groups, thus allowing even more flexibility.
Metadata Security. While this might appear to add a LOT of maintenance, this is typically not the case. Let's say you have two users running an HR Salary Report. One user is new, the other is "senior". You don't want the "new" employee to see salaries over a certain amount. The "senior" employee can see everyone's salaries.
You can write just one report to satisfy both needs by using DBA security in the metadata by creating an exception rule for the new employee (i.e. where user "new" SALARY LE XXXXX).