Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Dynamic Security

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[CLOSED] Dynamic Security
 Login/Join
 
Platinum Member
posted
Hi,
I have a requirement where we need to show only specific procedures in the Portal(Environment tree) based on the user id(Internal and External).

They are not willing to create separate folders or set security for each procedures.

They have a table which gives the information whether the user is an external or internal user.Is it possible in webFOCUS to restrict the user from seeing certain procedures in any other way.

Also there are cases where the user belongs to both external and Internal groups.

WF8105M
Windows 10

This message has been edited. Last edited by: FP Mod Chuck,
 
Posts: 181 | Registered: October 25, 2017Report This Post
Virtuoso
posted Hide Post
quote:
They are not willing to create separate folders or set security for each procedures

But this is the "normal" and easiest way to do it user WF8 security model.

Another way is to limit the execution of the report based on the retrieved security. But it needs code and the report will still be show in the three list.
Something such as to put at the top of each fex
-* Create your user access check code based on your access table
-*
-IF "&the_user Is Not Authorized" THEN GOTO NOACCESS;

-EXECUTEREPORT
TABLE FILE ...
END
-GOTO XEND

-NOACCESS

< Create nice advise for no access >
-XEND


WF versions : Prod 8.2.04M gen 33, Dev 8.2.04M gen 33, OS : Windows, DB : MSSQL, Outputs : HTML, Excel, PDF
In Focus since 2007
 
Posts: 2409 | Location: Montreal Area, Qc, CA | Registered: September 25, 2013Report This Post
Virtuoso
posted Hide Post
Hi Siva!

We utilize AD groups to manage users in our company. We've configured our BI environment with LDAP and to authenticate/authorize against the AD listings. Now, for additional custom configuration, we've created a filtering procedure that runs at the Universal Profile level that checks what retail stores each user has assigned to them in a table (much like your table you speak of), it brings in user IDs via the Custom Settings environment variable set up called &IBIMR_user to do that (available to you as well). In the end, every procedure or piece of content in the environment has some global variables available to them that we can use to filter content output with. Hope this gives you some helpful ideas. Good luck!


8.2.02M (production), 8.2.02M (test), Windows 10, all outputs.
 
Posts: 1113 | Location: USA | Registered: January 27, 2015Report This Post
Platinum Member
posted Hide Post
Hey Martin,
I will be using the Environment tree option in the portal.They should not see the procedure which they are not supposed to.

Hey CoolGuy,
With this you will be ale to restrict the user from seeing the procedure in Environment tree itself.

Sorry, I might be a pain but i am so confused here.
 
Posts: 181 | Registered: October 25, 2017Report This Post
Virtuoso
posted Hide Post
Siva

If you use the ldap (AD) groups to authorize the users to the folders in the environment tree as CoolGuy has suggested they will only see the procedures they are authorized for. It is much better to do it at the ldap group level because as people come and go there is only maintenance done within ldap and WebFOCUS continues to function without any modifications


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005Report This Post
Virtuoso
posted Hide Post
quote:
They should not see the procedure which they are not supposed to.

So as we all said : use the WF8 security model


WF versions : Prod 8.2.04M gen 33, Dev 8.2.04M gen 33, OS : Windows, DB : MSSQL, Outputs : HTML, Excel, PDF
In Focus since 2007
 
Posts: 2409 | Location: Montreal Area, Qc, CA | Registered: September 25, 2013Report This Post
Virtuoso
posted Hide Post
Siva,

If you learn and utilize the built-in WebFOCUS 8 security model described in the manual for your needs, that you can find in the online documentation, you'll know enough on how to go about doing what you're looking to do. When you set up folders, you'll want to separate out content based on your requirements into separate folders. External users accessing one folder, while the internal access the other. You also have the ability to hide folders, unpublish, etc. Go through the manual and become familiar with this aspect of user administration. Good luck!


8.2.02M (production), 8.2.02M (test), Windows 10, all outputs.
 
Posts: 1113 | Location: USA | Registered: January 27, 2015Report This Post
Virtuoso
posted Hide Post
Additionally, despite users accessing content from differing folders, you can then create a fex that runs before actual content runs inside a portal, tied to a portal panel, once you want to create one. Tie this initial fex to the panel, and create a branch flow based on whether the user is internal or external, and -INCLUDE the proper content in for running based on which branch executes. That way the users only see what they are supposed to.


8.2.02M (production), 8.2.02M (test), Windows 10, all outputs.
 
Posts: 1113 | Location: USA | Registered: January 27, 2015Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Dynamic Security

Copyright © 1996-2020 Information Builders