level of data access rights

Hello

In your opinion, what is the best way to implement data access level rights?

Before I used VPD to database 11g. Now, we decided to keep the aggregations in the cube OLAP (AWM 11 g) and I'm looking for the best solution limiting the user access rights to members of special dimension to different levels. For example, we must leave Office Manager to see only its data from team members (and do it dynamically, without having to grant the role of severl hundreds of managers separately), or let product manager see only 3 categories of products.

I am browsing OLAP forum for awhile, most of old son means AW_ATTACH / PERMIT_READ / AUTOGO. Are there other options?

There are two mechanisms available to control that can see the data by user: cube or dimension according to the strategies of security and private virtual database (DPV). Each have their own forces. Many organizations use a combination of the two.

Cube security policies allow you to grant access (SELECT, INSERT, UPDATE, DELETE) to a database user or role. You describe what dimension members a user has access. For example, Europe and all descendants. If the security policy is applied to a dimension, that policy is applied on all cubes that use the dimension. If cube security if applied in the context of a policy, the policy is limited to this cube.

Cube security policies:

* Are 'hermetic', because they apply to all access methods (SQL querying the views of dimension and cube, SQL, OLAP_TABLE and CUBE_TABLE, OLAP DML, PL/SQL, queries etc.).
* Are convenient. Apply a policy to a single dimension, and it applies to all cubes. It is very easy to express security policies by selecting the members or the use of hierarchical expressions in Analytic Workspace Manager.
* Are limited to users and roles, so the applicability may be limited to certain use cases.

Virtual private database policies are applied to views of dimension, hierarchy and cube. These views using OLAP is not different from any other table or view.

MEV:

* Applies only to the objects on which you apply a policy (for example, dimension, hierarchy, and cube views). If you need to make the hermetic policy, you should stop other access methods. For example, revoke execute on DBMS_AW, etc.
* May take a bit more work to set up, but they offer some additional flexibility because you set the policy with PL/SQL. That's all what you can invent.
* Can be applied beyond the users and roles.

The key is that both are quite useful. Learn more about the two and use the feature that best matches your request.

Tags: Business Intelligence

Similar Questions

  • Could not open a file to VMDK using SAN transport using Netbackup 7.1 "you don't have access rights to this file.

    Hello

    I'm trying to backup VMware clients using Netbackup for VMWare 7.1 using the type of transfer to san, and the forum NBU told me that my vm-admin user has no right of access to the VMDK file. However, I checked and I can download the backup host VMDK files and take and remove snapshots as vm-admin user.

    The servers are configured as follows:

    vc01 is a Win2008R2 vSphere 5.1 Server

    ENC1-bl09 by enc1-bl12 are blades running ESXi 5.1

    VM-bak01 is a Win2008R2 NBU media server 7.1 server and is defined in NBU as backup VMWare host

    Data warehouses that contain the VMDK files for the guests are all about EMC and HDS storage accessible via the San by the NBU Media Server and ESXi servers (although mapped through different areas)

    ESXi servers have access to local data and NFS storage warehouses too, but none of these warehouses are used by clients.

    I could save a few guests we via NDB, but they finish in time because the network is not fast enough. Estimated time of 8 days for nightly backup!

    So I have to use a SAN to back up the guests, but he keeps fails with the error below...

    09/01/2014 10:25:16.0745: g_vdInterfaceLogger:.\libvix.cpp:1683 < INFO >: SAN: cannot access a SAN/iSCSI LUN support this virtual disk. (Tip: If you use vcbMounter, you can use the option "nbd m" to move to disk-based network access if that's what you want.) If you were trying to access at the file level, stop the vmount Service by typing "net stop vmount2" in a command prompt to force vmount to re-scan for the SAN LUNS and try the command again.

    09/01/2014 10:25:16.0745: g_vdInterfaceLogger:.\libvix.cpp:1683 < INFO >: DISKLIB-LINK: 'san://snapshot-1968 [WAS-B-DS01] FTL-PROD-SOAHTP02/FTL-PROD-SOAHTP02.vmdk@MAL-VC01?vm-admin/XXX': cannot open (you don't have access rights to this file).

    09/01/2014 10:25:16.0745: g_vdInterfaceLogger:.\libvix.cpp:1683 < INFO >: DISKLIB-STRING: 'san://snapshot-1968 [WAS-B-DS01] FTL-PROD-SOAHTP02/FTL-PROD-SOAHTP02.vmdk@MAL-VC01?vm-admin/XXX': cannot open (you don't have access rights to this file).

    09/01/2014 10:25:16.0745: g_vdInterfaceLogger:.\libvix.cpp:1683 < INFO >: DISKLIB-LIB: can't open 'san://snapshot-1968 [WAS-B-DS01] FTL-PROD-SOAHTP02/FTL-PROD-SOAHTP02.vmdk@MAL-VC01?vm-admin/XXX' with flags 0x1e, you have no rights to this file (3390).

    09/01/2014 10:25:16.0745: vdOpen:.\VixInterface.cpp:196 < ERROR >: VixDiskLib_Open() error. You leave

    09/01/2014 10:25:16.0745: openLeafSnapshotDisks:.\VixGuest.cpp:452 < ERROR >: vdOpen() error = 13. Call of closeLeafSnapshotDisks()

    09/01/2014 10:25:16.0745: openLeafSnapshotDisks:.\VixGuest.cpp:555 < ERROR >: you quit with failure

    09/01/2014 10:25:16.0745: vixMapObjCtl:.\VixCoordinator.cpp:904 < ERROR >: you leave with 23

    09/01/2014 10:25:16.0745: < ERROR > vix_map_objctl:.\libvix.cpp:1138: error 23

    Please someone on this forum explaining why VMWare is denied access to the VMDK file?

    The problem was solved by upgrading to 7.1.0.4

    http://www.Symantec.com/business/support/index?page=content&ID=TECH174128

    Thanks to Philippe of the Symantec Connect forum for the answer

  • Access rights potential vulnerability EDB - 31617 Bad

    Hello

    I received a warning after a network scan of Eset Internet Security tool.

    With this message 'potential vulnerability EDB - 31617 Bad access rights', do you know something about this vulnerability?

    This issue is already known for a different model: DGN2200 N300 Wireless Router

    https://www.exploit-DB.com/exploits/31617/

    Can you confirm this info or a warning of bad?

    Thank you

    Hello gyves1

    Thank you for your concern. NETGEAR values your input and take the safety of our customers and their data very seriously. We regularly monitor our products for security issues and we provide detailed information on www.netgear.com/about/security. In addition, if you have reasons of security, you can reach us at [email protected].

    DarrenM

  • You don't have access rights to this file

    Hello again everyone.

    I get an error using the example of application the VDDK (vix-disklib-sample).  I am using the SAN mode for the information on the disks, but I get this error message:

    Error: [vixDiskLibSample.cpp:599] d you don't have access rights to this file

    I am using the same machine that I used in my previous post: 1730997.  I will repeat them here:

    The command I used:

    LD_LIBRARY_PATH = / usr/lib/vmware-vix-disklib/lib64. / vix-disklib-sample - info.
    initex - /root/.vmware/vix-disklib.conf - libdir/usr/lib/vmware-vix-disklib.
    -mode 'san' - 'moref = vm-13141' vm - ssmoref ' snapshot-13314' \ '.
    -welcomed the vcenter.company.com - user "administrator@company" - password "xxxxxx".
    "[VM-devices] vMA/vMA - 000001.vmdk'."

    I checked using MoB that those are references to managed object appropriate for the virtual machine and the snapshot (see my previous post).

    This is the machine I use it on:

    Processor: 2 x Xeon of Intel (r) CPU 5150 @ 2 .66GHz
    Memory: 3924MB (3331 MB used)
    Operating system: Ubuntu LTS 10.04.2

    Kernel: Linux 2.6.38.2 - candela (x86_64)
    Compiled: #1 SMP kills Mar 29 16:52:38 CDT 2011
    C Library: Library GNU C version 2.11.1 (stable)
    Default C compiler: compiler GNU C version 4.4.3 (Ubuntu 4.4.3 - 4ubuntu5)

    Version VDDK: VMware-vix-disklib - 1.2.1 - 323406.x86_64.tar.gz

    Think otherwise says may be something to do with the SAN mode, I ran vmware-mount to check that I could actually mount the drive in question.  I managed to mount the drive with the following command:

    LD_LIBRARY_PATH = / usr/lib/vmware-vix-disklib/lib64 vmware-mount.
    v 'KS-PROD-data center/vm/vMA' h vcenter.company.com u 'administrator@company '.
    F /root/.password f ' [VM-devices] vMA/vMA - 000001.vmdk "/ mnt/test /.

    Anyone has any ideas of what this could be?  The error is a little vague...

    I've also attached the log output

    One thing you should be aware of: you will not be able to access a drive that is currently in use by the virtual machine.  If you have created a snapshot on a virtual computer running, you'll be able to get access to the base vmdk, but not for the instant vmdk.  This is because the instant vmdk - is in use, but the base is not the disc.

  • need help to set the access rights of a vmware server 2.0.1 on vmware image

    Hello!

    I have a vmware (running ubuntu server 9.04) image that was created with a vmware server installation varsion 1.0.9. now I decided to upgrade to the host, which means that the host totally changed: new equipment, new OS, new vmware-server-version: 2.0.1

    My problem atm is, I may not know, what would be the appropriate access rights (chown/chmod) for this vmware image. during the installation of vmware server 2.0.1 I was asked to specify some 'administrative user' where I took the an im working with Linux itself (lets call it "user").

    so, when I copied the old vmware image in the data store (/ var/lib/vmware/VirtualMachines for me), chown-ed the folder including all files init by A, setting chmod to something like 600, the console vmware (web surface) told me that there were several problems with the image and couln can't be started etc. etc. etc...

    I played with several rights to the image and the only thing that seemed to help was setting the folder and all files included in 'root' with the command chmod chown '777'... not what I would call 'secured '.

    so: how to set the access rights for the virtual machines? I want that they have only minimal rights as possible and especially nothing like root: 777...

    My static VM files, as in those who are not dynamically created when the virtual machine starts, are the property of root, root of group with permissions of 711. Root is the user that I have chosen as the admin user when you run vmware - config.pl. My users do not have direct access to this server, so I'm not too worried about the permissions. You can give different rights for different users to different virtual machines, creating roles and their allocation to users/groups. On that, the details are in Chapter 10 of the user guide - http://www.vmware.com/pdf/vmserver2.pdf.

    Guy Leech

    VMware vExpert 2009

    ---

    If you have found this device or any other answer useful please consider the use of buttons useful or Correct to award points.

  • Data access model

    I don't want to give the display and editing of the report data model rights to my users. How to get there?

    I don't want to not my users to see the SQL query or be able to see the data query builder, how to hide users while keeping their power change the presentation of the report and also to use the parser to

    Concerning

    Nouman Shaikh

    Hi Julie,.

    In BIP10g you can get partially business needs: set a user and assign any role to it. This user will be able to run reports and do not edit/modify them. The user will not be able to edit the same model if, as it would have access to the data model as well.
    In BIP11g, you can certainly have more control over things like data model and you can set a group that can run reports have access to models, but not be able to edit data models :).

    concerning

    Jorge

  • Data access error

    Hi guys,.

    I meet a data access error when you try to import a source .csv file. I found almost the same questions in the previous discussions, but containing no not a solution for mine.

    I use a 10g DB, I unchecked the box in the power for the bitmap of the work table index. This option must be turned on to Oracle 9i and Oracle 10 g.

    Also, I tried with and without the scripts in the import formats. Also not the cause. Finally, I tried to import a file of my own computer source, also not the question.

    I'm running out of options. Please check my error log:


    * Start the journal entry for the Runtime Error FDM [2010-12-14-13: 00:59] *.
    -------------------------------------------------------------
    ERROR:
    Code...-2147217900
    Description... Data access error.
    Process... clsImpProcessMgr.fLoadAndProcessFile
    The component... upsWObjectsDM
    Version.......................................... 1111
    Thread........................................... 4656

    IDENTIFICATION:
    User............................................. xxxx
    Name of the computer... DCEPHFMTSTDB1
    App Name......................................... FDMTEST
    Client App....................................... WebClient

    CONNECTION:
    Provider......................................... ORAOLEDB. ORACLE
    Database server...
    Name of the database... HYPDB
    Trust connect... Fake
    Connect status... Open connection

    GLOBALS:
    Location......................................... AEP812
    Location ID... 749
    Location Seg... 3
    Category......................................... WLACT2010
    ID of the category... 12
    Period... Jan - 2010
    Period ID........................................ 31/01/2010
    POV Local........................................ True
    Language......................................... 1033
    User Level....................................... 1
    All Partitions... True
    Is Auditor....................................... Fake

    Published by: JDeM on 14-dec-2010 04:19

    Hello

    Based on your error log; It seems as the locale of the FDM Server (when he went to generate the load file in bulk) for Oracle is not U.S. English.

    VALUES (749, 12, N ' 20100131', no YTD ', N ' 21451000', no EPFI ', N ' 880', no CLO', N "[NONE]", N "[NONE]", "[NONE]" N, ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",", ",",",",",", 0, -, 00461);

    The value at the other end must be your amount... which I suppose is in a non.

    As the comma is used as a field separator; It cannot be used in a value... I suggest that you review all the settings and ensure that they are consistent and accurate. If you need the decimal value to a comma, you need to set the option of replacement comma inside the FDM "Parameters of Configuration" in the Menu Administration.

    Thank you

  • The level of data security issue

    Hello gurus:
    I'm having a problem with the level of data security.
    I have copied my Production RPD and Webcat in Test, changed the DSN connection pool and username/password.
    Now the problem is, a user has the same rights in Prod and test, is to see properly in Production, but sees nothing in the Test.

    I use a block of initialization of the Siebel CRM Application. If clients are assigned to users based on their responsibility to S_RESP and S_USER.
    on this basis, users can see the list of customers. Authentication is LDAP server even for production and testing.

    Now, a user sees correctly assigned in Production, but not in the Test list. I don't know how to solve. I searched query logs and other things, but cannot find anything.
    Please help me how should I study this issue.

    Thank you.
    Vinay

    Hi Vinay,

    I guess that your problem is due to the ORGS session variable. Can you open the repository and test the block of initialization for Associations? I'm sure that it contains no value of Test.

    On the logging level. I think that it is very convenient for you to have a user who logs level 2 or higher, in order to verify the physical SQL. But you use the same LDAP source for Test and Production, which makes things a little more difficult. So I would advise you to add an LDAP variable to fill the session LOGLEVEL variable. Create a user test with loglevel 2 or higher, and then set the loglevel for all users in 0.

    Kind regards
    Stijn

  • Tecra M2: Energy saving - have no access rights

    Hello

    I am running a Tecra M2 with Windows XP SP2 and I recently installed Toshiba Power Saver as I want to make the most of my battery on a flight that I take. However, when I try to run the Toshiba Power Saver in the Control Panel, I get a window with the following error message:

    Cannot be opened because you do not have access rights to use 'TOSHIBA Power Saver'.

    I am logged on as administrator, but I still get the same problem. I even re-installed Windows XP, but after having installed all the drivers, I get the same error. I tried to install the version of Win2K of soft, but it gives the same problem.

    Any help is appreciated as I want to make the most of my laptop computer power wise.

    TIA

    Klaus

    Hello

    I put t know what is happening in your case, but if you are logged in as administrator starting point please power saver utility and go to the CONFIGURATION OPTIONS. Check the CONFIGURATION PROFILES and activate both options here.

  • Satellite M40-282: I don't have access rights to run Power Saver

    I installed GST when I reinstalled my new OS manually
    and I installed GST but he did not show up to reinstall after.
    In the control panel when I try to click the GST that it says 'cannot be opened because you do not have access rights to run Toshiba Power Saver '.

    But I am logged on as administrator for sure

    Hello

    It s very strange and unusual.
    Have you chosen the right drivers and you have everything installed correctly?

    I studied a little on the net and it seems that the M40-282 Sat has a serial number PSM42E and so take the drivers of the PSM42E series.
    (On the driver page I saw three different M40 accordingly large number)

    I discussed with other users, and especially incorrect installation was the problem. On the driver page, I found a statement of installation, and in my opinion, you should follow the guidelines in this document.
    Everything should then work. I hope ;)

    Check it out. Good bye

  • Windows 2000 Server access rights

    How to create a folder on the server access rights?

    This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
    *

  • Control of user access rights

    I want to do my second drive invisible to the user accounts on my PC. I downloaded a Microsoft program a while, but no longer have it. I don't remember what it's called and if I find it hard to find. It allow you to control access rights. Does anyone know of this program?

    Assuming that your second drive is formatted with NTFS, you control access to the drives, folders and files using the 'Security' tab in the properties of the file/folder/drive.  The following article goes into detail:

    "How to set, view, change, or remove special permissions for files and folders in Windows XP"
      <>http://support.Microsoft.com/kb/308419 >

    Note that this article deals with XP Pro.  If you have XP Home Edition, you will not have access to the Security tab because Simple file sharing can not be disabled in XP Home.  However, if you start mode (repeatedly tap the F8 key during startup key) safe and open a session as long as user with administrator privileges, you will be able to use the security"" tab.  After properly configuring your security, you can restart your computer normally and will always stick settings.

    Alternatively, you can use the 'CACLS' command from a command prompt window, but which becomes ugly.

    HTH,
    JW

  • Have I not Microsoft Data Access Components 2.1 or above on my computer?

    I tried to download a Blackberry user Tools CD. Place the CD in the drive... An error message came up saying that I had to install Microsoft Data Access Components 2.1 or more.  How will I know if it is already on my computer... or if I have to install it?

    Don't have never had this problem before when you place a disc/program/CD in the drive.

    Help!

    Thanks, Lawana

    Hi Lawana,

    You can use the components Checker tool to check the version of Microsoft Data Access Components (MDAC) installed on your computer.

    How to check the version of MDAC?

    Hope the helps of information.
    Please post back and we do know.

  • Access rights ext mem and default apps reset to the start of the phone

    Whenever I have start the phone I have to change the SMS default to GO SMS Pro, put engine in place the access rights to it external to explore memory card solids which I use as the default file manager and change some parameters in headphones Jabra and FV5 camera. It was not yet with the previous version of Android 6. Now I have v. 6.0.1.

    Problems with the SMS app by default and the default method of reading aloud SMS messages have been resolved by moving all relevant applications in main memory.

    They have been moved to the SD card in accordance with the recommendation of the system, to save memory. It was a bad idea.

  • Insufficient access rights to create files in the specified folder

    Insufficient to create files in specified folder access rights you can't install files in this folder. It will not be installed in a folder that I created is. try to install ti collection of games from Agentix magic

    Try right click on the setup.exe > run as admin.

    See you soon. Mick Murphy - Microsoft partner

Maybe you are looking for

  • Export of the stems to wav

    I have a problem with that; It only gives me an option to export AIF and export all the files (including hidden tracks and muted)? any ideas on how to do it? Thank you

  • resonance or vibration iMac 27 inch end 2015

    Hello Since a week that I am in possession of an iMac 27 inches 5K end 2015 with retina display and HD 1 TB (no merger drive) It also does very well, but what stands out is vibrating slightly. This can be observed when handling the Mac down with the

  • What is advantages of MS Silverlight? I checked some of

    I checked some of the MS videos so I am aware of the complexity of the program is... so why do that I "general public model" Silverlight or how it will benefit me? Seriously guys, I'm not computers then why? It's like dumping a manual of "How to buil

  • OfficeJet 4500 G510g: Impossible to uninstall HP Officejet 4500G510a-f (Windows 10)

    My Officejet 4500 G510g HP Solution Center opens not once 10 Windows worm 1511 was expelled 12/30/2015.  Windows KB3133431 update has been installed automatically on 06/01/2016 and who should have solved the problem, but he did not.  I uninstalled my

  • Peer-to-peer NFC - how to send multiple messages?

    I am able to send one message from a device and read on the other. I wanted to do a handshake 3 channels using NFC, my goal was to have:-App 1 writes a tag that begins app 2 served if it does not work-App 2 sends a piece of application data 1-On rece