Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  Performance Management Framework (PMF)    Why is the tree report showing all the levels down?

Read-Only Read-Only Topic
Go
Search
Notify
Tools
Why is the tree report showing all the levels down?
 Login/Join
 
Master
posted
This should be controversial. A customer recently asked about Access Security and the tree reports (Measures - Rolling 5 Periods, Measures - Previous v. Current, Measures - Prior v. Current, Objectives - Previous vs. Current).

[customer] is using row-level security [e.g, access security - bjf]. They have configured the security for the different users and roles, that they can only see the data for a particular dimension.

The problem is obvious in their organization dimension. Specific users are only authorized for a certain level in the hierarchie. But these users still can see the level above their dimension, that they are authorized.

The customers expectation was, that if they restrict it to a specific level the user won't be able to see the level above. Is there an option to achieve this?

Our response:

The problem they are having is specific to the tree report but it is not a violation of the security.



You are looking at a top-to-bottom level tree and therefore you have to be given the chain to get to the level where you have access to data. You can see the whole chain all the way down to the level where you have access, but the values displayed all along the chain are only taken from the level and value where your security starts. You cannot see peer chains or peer data until you’re at the level you have access.



So if you could see all the data and had no access limitation, you’d see:
(Country > City)
GERMANY [100.00]
            BERLIN [50.00]
            DUSSELDORF [50.00]
FRANCE [50.00]
            PARIS [25.00]
            NICE [25.00]
ITALY [20.00]
            ROME [10.00]
            FLORENCE [10.00]

If you had access limited to Berlin, you’d see:

GERMANY [50.00]
            BERLIN [50.00]

PMF has to show you Germany so it can show you Berlin. But notice that for Germany you only see aggregates taken from Berlin. You don’t see the values from Dusseldorf. And you don’t see France or Italy at all. So security is working.

Likewise if you write an analysis designer report that starts at the top level, they will have to drill all the way down but the data will only come from the level where they have access. You can design the Analysis Designer report to start at the second level, but not the tree.

Comments? How much do people want this changed and what do they want to see in the resulting change?


Bob Jude Ferrante
Director of Business and Development
WebFOCUS Performance Management
Bob_Ferrante@ibi.com
917-339-5105

I'll take any questions about PMF - business or technical - anytime!

 
Posts: 919 | Registered: March 26, 2003Report This Post
Gold member
posted Hide Post
Bob,

My experience is that executives allow their employees (organizations, departments etc) see their data below and above them, but not the peers to them.

If this is the full tree with no restrictions:

ENTERPRIZE [170.00]

GERMANY [100.00]
............BERLIN [50.00]
...................PANKOW [10.00]
...................LICHTENBERG [20.00]
...................SPANDAU [20.00]
............DUSSELDORF [50.00]
...................HAMM [5.00]
...................FLEHE [35.00]
...................VOLMERSWERTH[10.00]
FRANCE [50.00]
............PARIS [25.00]
............NICE [25.00]
ITALY [20.00]
............ROME [10.00]
............FLORENCE [10.00]

and person from Berlin logs in, most requirements asks for a presentation of

ENTERPRIZE [170.00]
GERMANY [100.00]
BERLIN [50.00]
PANKOW [10.00]
LICHTENBERG [20.00]
SPANDAU [20.00]

and sometimes

ENTERPRIZE [50.00]
GERMANY [50.00]
BERLIN [50.00]
PANKOW [10.00]
LICHTENBERG [20.00]
SPANDAU [20.00]


Unfortunately, I've seen both based on the culture of the given business.

Regards,
Endre


WebFocus 7.6.8
iWay Data Migrator 7.6.8
PMF 5.1
 
Posts: 83 | Registered: March 28, 2006Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  Performance Management Framework (PMF)    Why is the tree report showing all the levels down?

Copyright © 1996-2020 Information Builders