Focal Point
[SHARING] Limiting tables available for reporting

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/575101125

September 03, 2010, 11:23 AM
BobSh
[SHARING] Limiting tables available for reporting
Auditors would like for us to limit tables that users can do adhoc reporting from (using Report Assistant or InfoAssist) depending on the domains they have access. Currently, most of our master files are in about 6 - 8 app folders but there are miscellaneous masters in other app folders also.

One option is to use the Application Path option property for the MRE domain. I don't know if WF8.x would have an impact on this or not. I don't know if the Application Path property would still exist since I've heard that domains will no longer exist in their current state.

Another option is to have different Oracle schemas where each schema provides access to different tables/views. However, I don't know how we would determine which schema a user would be authorized to access based on the domains they've been assigned. If we could identify the domains they have been assigned then possibly we could use WF scripting language in site.wfs to set a user ID/password used by the connection string in edasprof.prf.

I'm hoping that someone out there has either done this before or has ideas how to do it.

Thank you.
Bob

This message has been edited. Last edited by: Kerry,


WebFOCUS 7.7.05M, gen 144, Windows 2008 Server R2 64-bit, Tomcat 6.0.33, IIS 7.0, SQL Server, Excel 2013, PDF, HTML, FOCUS files.
September 04, 2010, 10:27 AM
Dan Pinault
Bob -
Here is how we do it.

Each of our user groups has access to different combinations or master files they can access so we set this up in the group profiles on the WebFOCUS Server. It in the Workspace - Configuration section under User Profiles.

The line of code that limits access to master files looks like this...
-SET &&IBI_IF_FILE = e:\SomeFilePath\UserGroup_Files.fex

The content of the UserGroup_Files.fex file looks like this...
WHERE NAME EQ 'MASTERFILE1' OR 'MASTERFILE2' OR 'MASTERFILE3' and so on

When the user logs on to MRE their profile is executed and the &&IBI_IF_FILE variable is populated with the WHERE statement. During the user's session any time they pull up a list of Master Files (InfoAssist, ReportAssist, GraphAssist, etc.) their list is limited to only those Master Files you put in the UserGroup_Files.fex file.

I hope I explained this so it makes sense!

Good luck,

Dan


7.7.05M/7.7.03 HF6 on Windows Server 2003 SP2 output to whatever is required.
September 08, 2010, 01:35 PM
BobSh
Dan - thank you for your ideas. I apologize for not responding sooner but the 3-day weekend made things a little crazy.

I have a few questions I'd like to ask.

Group profiles are mentioned but then it sounds like it's actually user profiles that are created. Is that correct?

How do you assign a user to a group? Are you creating a user profile for every user or are you using the 'group' that a user is assigned to in MRE security and available in IBIMRUSR?

It looks like every .mas file that a group would have access to must be in the WHERE statement. True? We have hundreds of tables although we have not yet associated tables to the domains that should be able to access them so I'm sure the list will be smaller per domain.

Does this method require much overhead as new tables are added or potentially changed from one group to another?

Thanks again for your ideas!


WebFOCUS 7.7.05M, gen 144, Windows 2008 Server R2 64-bit, Tomcat 6.0.33, IIS 7.0, SQL Server, Excel 2013, PDF, HTML, FOCUS files.