OBIEE 11 g (data-level security) session variable

Similar Questions

• Data level security group does not

  I'm testing the security level of data at the level of the group.
  
  Here's what I did
  
  1. went to security-> groups-> Permissions-> filters
  2 the name added to the fact table on which I want to filter.
  3 choose 'enable '.
  4. in the filter column, I added a filter on a column in the dimension. (I don't use any session variable in the filter)
  
  When I create a query responses with the column of the dimension (that I used in the filter) and of the fact table where I set the filter, the filter is not applied.
  Did I miss something in the creation of filters?
  
  Thanks in advance.
  
  Rama.

  Hello

  If the user is a member of two defined by the user and group administrator without filter apply to them because the group administrator will take precedence and no filter can be applied to Administrator.Even if you ooen administrator group, you will see this tab permission is disabled for the administrator group.

  I hope this helps.

  Kind regards
  Sandeep

• BI Publisher data level / security at the level of the line

  I would like to know how we can give data level or line level of security defined in BI 11g Publisher.  If you have any best practice document/link, please provide.

  Don't know if you have already activated

  http://www.Oracle.com/technetwork/middleware/bi-Publisher/overview/WP-Oracle-BIP-row-level-security-132091.PDF

• OBIEE 11 g of UNIQUE authentication data-level security

  Hello
  
  I have implemented SSO in OBIEE 11 g and integrated successfully with Oracle EBS R12. Now, I want to set up security level of data for users of EBS.
  Can help me please key it.
  
  
  Thank you.

  This EBS SSO are that you have set up. ? Is it with cookie based ICX. ? If Yes, then

  Please see the security first guide: http://docs.oracle.com/cd/E20490_01/bia.7963/e19042.pdf

  Did you create block initialization custom to fill the 'GROUP' - variable. You can also choose to fill the "ROLES" - variable with the key responsibility. This variable corresponds directly to Application roles in the Enterprise Manager.

  Make sure that the name of responsibility for BSE is the same that the role of the Application, you are assiging in EM. You could beverlasting responsibilities in EBS to match existing roles (seeds) or you create new roles in OBI Apps to match your current responsibilities.

  Please check if useful.

  Thank you
  SVS

• Level security line with session variables, not recommended?

  Hello

  We are on the point of implement security level line in our project of BI using OBIEE, and the solution that we found more convenient to our requirement was to use session with blocks of initialization variables.

  The problem is that this method is listed as "not recommended" in the Oracle documentation.

  Administration of alternative security options - 11g Release 1 (11.1.1)

  (This appendix describes alternative security administration options included for backward compatibility with improved systems and are not considered a best practice.)

  The Session Variables management

  Session system variables get their values of initialization blocks and are used to authenticate Oracle Business Intelligence users against external sources such as LDAP servers or database tables. Each active session of BI server generates session variables and initializes them. Each instance of session variable can be initialized to a different value. For more information on the use of variables and blocks of Oracle Business Intelligence session initialization, see 'Use of Variables in Oracle's BI repository' in Oracle Fusion Middleware metadata repository Builder of Guide for Oracle Business Intelligence Enterprise Edition.

  How confused... What is the best practice then?

  Thank you for your help.

  Joao Moreira

  authentication / authorizing the part is dealing with weblogic and then initialized the variable USER and you can use it for any initblocks for safety.

  Block of init to authenticate / variable session and authorization are different, I guess that you mix the two.

• OBIEE 11g - the session variable, NQ_SESSION. VARIABLE, has no definition of value

  Hello

  I see a strange problem when using the SESSION variable in OBIEE 11 g SPR for the level of data security.

  The RPD, I created a new block with the PRODUCT session variable init and wise initialization line is defined.

  SQL -SELECT DISTINCT 'PRODUCT', product_id OF BI_SECURITY WHERE UPPER (USER_ID) is UPPER(':USER')

  Condition of data filter is defined on the tables & Dimension in the application role

  Filter data based on products assigned to the user in the security table is applied.

  User A has produced 15 assigned ID

  User B has 100 product ID assigned

  The user was able to connect to the presentation of OBIEE and see assigned product ID are filtered in the report.

  But when a user B signs he sees below error, when you run the same report

  [nQSError: 23006] The session variable, NQ_SESSION. PRODUCT, has no value definition

  Is there a limit on the number of values in session variable can contain.

  Why the error occurs only for user B?

  Has anyone encountered this problem?

  Thank you

  We found there is nothing in the list of the product id is assigned to user B, so report OBIEE failed with [nQSError: 23006]

  Adding a NULL value is NOT fixed INIT SQL block this problem with access from user B.

• Can I use session variables in data model BI publisher SQL query?

  Hi Experts,
  
  We apply security at the level of the BI Publisher 11g data.
  
  In OBIEE we do so using session variables, so I wanted to just ask if we can use the same session variables in BI Publisher as well
  That is, we can include a where clause in the SQL for the sample data as
  
  Where ORG_ID = @{biServer.variables ['NQ_SESSION.]} {[INV_ORG']}
  
  I would like to know your opinion on this.
  
  PS: We implement security EBS r12 in BI Publisher.
  
  Thank you

  Read this-> OBIEE 11 g: error: "[nQSError: 23006] the session variable, NQ_SESSION.» LAN_INT, has no definition of value. "When you create a SQL query using the session NQ_SESSION variable. LAN_INT in BI Publisher [ID 1511676.1]

  Follow the ER - BUG: 13607750 -NEED TO be able TO SET up a SESSION IN OBIEE VARIABLE AND use it IN BI PUBLISHER

  HTH,
  SVS

• by the way the Session variable of type DATE for opaque filter data view

  Hello world

  You guys can help me please by passing the session variable of DATE in physical layer 'view opaque' data type filter RPD to Oracle database

  I tried following syntax, syntax wise, I didn't get any error, but at the same time this opaque view is not fetch all the records as well. my session variable is 'End_date' and its value is 1998/12 / 31:00:00:00(as_shown_in_RPD_session_windows,_datatype_is_DATETIME)

  SELECT AMOUNT_SOLD, CHANNEL_ID, CUST_ID, PROD_ID, PROMO_ID, QUANTITY_SOLD, SH. SALES TIME_ID

  WHERE TIME_ID = TO_DATE (' VALUEOF (NQ_SESSION.) END_DATE) ", ' MM/DD/YYYY')"

  SELECT AMOUNT_SOLD, CHANNEL_ID, CUST_ID, PROD_ID, PROMO_ID, QUANTITY_SOLD, SH. SALES TIME_ID

  WHERE TIME_ID = TO_DATE (' VALUEOF (NQ_SESSION.) ("' END_DATE ')", ' MM/DD/YYYY') "

  SELECT AMOUNT_SOLD, CHANNEL_ID, CUST_ID, PROD_ID, PROMO_ID, QUANTITY_SOLD, SH. SALES TIME_ID

  WHEN TRUNC (TIME_ID) = TO_DATE (' VALUEOF (NQ_SESSION.) ("' END_DATE ')", ' MM/DD/YYYY') "

  In the past, I could spend a session variable in an opaque display by using the DATE filter, but which was in DB2.

  I appreciate your time and help

  Finally, I had good format. It's here

  TO_DATE (substr ("valueof (NQ_SESSION. End_date)', 1, 10), "yyyy-mm-dd")

  and here is the source where I got this information

  Using Variables in Session OBIEE in some tables of the physical layer

• security question about session variables

  Is it possible for a user to have access to modify session variables that are stored on their computer?  Like lets say I stored a session variable on the computer of someone who was < cfset session.number = 100 >, they would be able to change this session variable to be a different number?

  Thank you

  Ben

  Uh, no.

  Because the session variable is NOT stored on the client system.  It is stored on the server.

  What is sent to the client is a token that is sent with each request which allows the server to know what requests belong with what session data.

  By default, this token is a set of cookies called CFID and CFTOKEN but can alternatively configure ColdFusion to use a different cookie called JSESSIONID.  The latter has the advantage of being a memory cookie that is ignored when the browser closes automatically and being common to JRUN JSP sessions if ever, we need coordination with such a system.

  There are known risks if someone guesses any token existing and currently available on the server they can divert from this session.  It's a little more risky if one chooses to use get (URL alias) variables for cookies rather than chips.  But few bother with this option, these days.

• Is connection with session variables secure?

  I use email as a primary key and reproducing $MM_Username when connecting with the authentication of the user.
  
  I of course also "password and $MM_UserGroup.»
  
  Is this system secure against piracy?
  
  I know he does not appear in the address bar, but it is possible to modify session variables using the code in the address bar or in any other way?
  
  I have configured groups of users for new records that only allows the account own display (page restrictions) and I don't want someone else under the law computer and freedoms (unless otherwise stated) in order to access the other folders.
  
  Thank you

  "RichardODreamweaver" wrote in message
  News:eutk47$GQA$1@forums. Macromedia.com...
  > Thanks for this Lionstone - I feel much happier.
  >
  > The validation code is in the page index with page restrictions on
  > everything
  > another connection failed.
  >
  > A concern is your point over https. I use a php on http site and
  > don't
  > don't know if it is possible to convert it to https
  >
  > I can only now count on our hosting provider!
  >

  The script on the server side you use has no effect on this.
  Your host likely provides HTTPS with a common certificate for annual fee.
  Do it some, some do not. most do these days, but you'll have to ask them. ;)

• Problem with session variable purging

  Hello
  

  I've set up in my solution OBIEE RLS filters, in accordance with article http://www.rittmanmead.com/2012/03/OBIEE-11g-security-week-row-level-security/
  All that " works very well, but I have a " "" small "problem (explained in short 'story'):
  

  ' 1. Suppose that user Walter White has affected Reg1 and Reg2 in " ""STAFF_REGIONS" table.

  2 after scoring in the responses the variable "NQ_SESSION." "REGION" is initialized with the values " ""Reg1 & Reg2"

  3 now I am adding Reg3 to the table ""STAFF_REGIONS " of Walter White."

  4 Walter White is logging in the responses and retains data only from Reg1 and Reg2 - why? Because variable NQ_SESSION. REGION still has the old values.
  

  So, here is my question: How can I reset it variable? Reconnection to the answers doesn't help. The only solution I know not is to restart CoreApplication, but this is not an acceptable solution.

  Uncheck the box for hidden in InitBlock variable

  If brand aid

  ~ http://cool-bi.com

• Hacking the Session Variables?

  I have a php MySQL CRM site with lots of sensitive information...
  
  To protect it, I have a session based login system.
  
  Login page - password controls and assigns, name of user, group of users and working groups, to session variables.
  
  Pages restricted - controls usergroup Access id level and group work.
  
  I've heard say that if a hacker has re-written the cookie (didn't know sessions created a cookie) it can trick the server into thinking he's using someone elses session and could therefore view, edit and delete these normally protected records.
  
  I know that the Session data cannot be read or modified, but this could pose a huge security problem.
  
  It was also suggested that the user must retype his password on each page, but it is both unusual and would be a real pain for the user.
  
  Is there a simple way around this?

  .oO (RichardODreamweaver)

  > I have a php MySQL CRM site with lots of sensitive information...
  >
  > To protect it, I have a session based login system.
  >
  > Login page audit password and right holders, user name, user group and working group to
  > session variables.
  >
  > Pages limited - controls usergroup Access id level and group work.
  >
  > I've heard say that if a hacker has re-written the cookie (did not know sessions
  (> created a cookie)

  The session ID can also be added to the URL, but using a cookie is
  the preferred and considered to be the safest way.

  > It can trick the server into thinking that he uses a person
  > elses session and therefore could view, edit and delete these records normally
  > protected.

  Just a few key words to learn more:

  Hijacking a session to steal the cookie usually requires a XSS
  (cross-site scripting) attack. Try Wikipedia or Google for more details and
  How to prevent this problem. This should be the first task, because XSS
  the vulnerabilities are quite common and often the basis for many
  types of attacks, including the following.

  Another not so well known attack called session fixation. What follows
  paper goes quite in detail on this subject:

  http://www.Acros.SI/papers/session_fixation.PDF

  > I know that the Session data cannot be read or modified, but this could pose a
  > huge security problem.
  >
  > It was also suggested that the user must retype his password on each
  > page, but it is both unusual and would be a real pain for the user.

  Agreed. The user would never return. But it is quite common in the largest
  the systems that the user must retype the password before performing a
  critical action, for example before ordering in an online store or
  during the change of personal data.

  > Is there a simple way around that?

  Security is never simple. It depends on how much security is
  necessary.

  Micha

• The session variable, NQ_SESSION. has no definition of value. (HY000)

  Hi all

  I use OBIEE 11.1.1.6.8 version and have deployed version 6.0 of BASEL RPD. When I go to the dashboard I get the below error

  Error
  	View display error
  	ODBC driver returned an error (SQLExecDirectW). Error details

  Error codes: OPR4ONWY:U9IM8TAC:OI2DL65P:OI2DL65P

  State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error occurred. [nQSError: 43113] The message returned by OBIS. [nQSError: 23006] The session variable, NQ_SESSION. RPB_Tier1Capital, has no value definition. (HY000)

  SQL published: {call NQSGetQueryColumnInfo ("SELECT saw_0 FROM ((SELECT sum ("head of Accounting Standard in fact"." Standard Accounting head amount "(/1000000) saw_0,"Head of Accounting Standard"". "" Saw_1 head Accounting Standard identifier', '-D2061Legal entity Info "." Customer First Name' saw_2, VALUEOF (NQ_SESSION. RPB_Tier1Capital) saw_3, saw_4 3, '-Dimension Run D1008 '. " Run the Description ' | » -'' || CAST ('-D1008 run Dimension '. ' ") (Run surrogate key' AS VARCHAR (10)) saw_5 'Basel' WHERE ('head of Accounting Standard". ("' Chief Accountant standard identifier" = "CAP058") AND ("-D001 Date Dimension". "") (Date of extraction "=" 2013-10-04 ") AND (" '-D2036 Type of Cosolidation legal entity "". "") Basel consolidate Option Type Description"(" GROUP")) AND ("-Info entity D2061Legal "." ") (Client name' IN ("*) nqgtn(*'')) AND (" "-Dimension run D1008" "." ") Run the Description ' | » -'' || CAST ('-D1008 run Dimension '. ' ") (((Run surrogate key' AS VARCHAR (10)) IN ('Basel II Capital calculation-97000106'))) UNION (SELECT sum ("head of Accounting Standard in fact". "Standard Accounting head amount"(/1000000) saw_0, "Head of Accounting Standard" "." " Saw_1 head Accounting Standard identifier', '-D2061Legal entity Info "." Customer First Name' saw_2, VALUEOF (NQ_SESSION. RPI_TotalEligibleCapital) saw_3, saw_4 4, '-Dimension Run D1008 '. " Run the Description ' | » -'' || CAST ('-D1008 run Dimension '. ' ") (Run surrogate key' AS VARCHAR (10)) saw_5 'Basel' WHERE ('head of Accounting Standard". ("' Chief Accountant standard identifier" = "CAP210") AND ("-D001 Date Dimension". "") (Date of extraction "=" 2013-10-04 ") AND (" '-D2036 Type of Cosolidation legal entity "". "") Basel consolidate Option Type Description"(" GROUP")) AND ("-Info entity D2061Legal "." ") (Client name' IN ("*) nqgtn(*'')) AND (" "-Dimension run D1008" "." ") Run the Description ' | » -'' || CAST ('-D1008 run Dimension '. ' ") (((Run surrogate key' AS VARCHAR (10)) IN ('Basel II Capital calculation-97000106'))) UNION (SELECT sum ("head of Accounting Standard in fact". "Standard Accounting head amount"(*100) saw_0, "Head of Accounting Standard" "." " Saw_1 head Accounting Standard identifier', '-D2061Legal entity Info "." Customer First Name' saw_2, VALUEOF (NQ_SESSION. RPB_Tier1CapitalRatio) saw_3, 6 saw_4, '-Dimension Run D1008 '. " Run the Description ' | » -'' || CAST ('-D1008 run Dimension '. ' ") (Run surrogate key' AS VARCHAR (10)) saw_5 'Basel' WHERE ('head of Accounting Standard". ("' Chief Accountant standard identifier" = "CAP214") AND ("-D001 Date Dimension". "") (Date of extraction "=" 2013-10-04 ") AND (" '-D2036 Type of Cosolidation legal entity "". "") Basel consolidate Option Type Description"(" GROUP")) AND ("-Info entity D2061Legal "." ") (Client name' IN ("*) nqgtn(*'')) AND (" "-Dimension run D1008" "." ") Run the Description ' | » -'' || CAST ('-D1008 run Dimension '. ' ") (((Run surrogate key' AS VARCHAR (10)) IN ('Basel II Capital calculation-97000106'))) UNION (SELECT sum (case where "Accounting Standard head".)) «Standard accountant Chief identifier "=" CAP090 "then"fact head of Accounting Standard".» "" Flat rate of chief accountant "when
  
  

  Can someone help me please. I'm new and I have no experience with the available filters.

  The session variable, NQ_SESSION. has no definition of value. (HY000)

  
  

  This means that your init block does not work. Check the init block why its not leading is not to any data.

  only when the init block fails in the data, the server checks for the default value of the variable.

  Since there is no default value, you get this error.

  
  

  Init blocks can fail because

  1 connection pool does not work.

  2. the table or view does not exist

  3. no data in the table

  4. the filter in the sql in init block is not initialized if his coming of another variable of session.

  
  

  in general, no data should bring no results in a report.

  Since you have a session variable as part of the report, and this variable initialization failed, you get this error.
  

• How can it be implemented 'line-level-security' in BI Publisher 11 g (11.1.1.7.1)?

  Hello:

  I'm new with Bi Publisher and I'm looking for a way in to the row-level security in BI Publisher (BEEP) with a data model based on a SQL directly.

  We did some research and we have not found many so far... just this article http://www.Oracle.com/technetwork/middleware/bi-Publisher/overview/WP-Oracle-BIP-row-level-security-132091.PDF

  which is a pretty old document showing how do with VPD (virtual private data bases).

  We do not want to go through this... approach for reporting bi publisher, it would be quite expensive to maintain and works only for Oracle databases.

  What we check is if there is something simple... like to read a variable somehow (get that variable to a SQL in the comic book... Similarly we in RPD) and allows to filter the SQL in the data model.

  A simple example is a segregation by country, for example. I want the United States users get the information for that country only and so on.

  Have you faced the same problem... We have seen that 11.1.1.7.1 has a lot of improvements... is probably something now in this version that allow what we are looking for.

  All comments will be welcome!

  Thank you very much!

  Matias

  Would you be able to maintain an external table to have a Manager and country level mapping. If yes you can combine this with the above query and fix things?

• Getting name of dashboard in the session variable

  Hello
  
  I need to know how I can get the name of dashboad dynamically by using a session variable.
  
  as VALUEOF (NQ_SESSION. The USER) gives me the name of connected user. In the same way, say that I am in the financial dashboard - GL balance, so if I use VALUEOF (NQ_SESSION. CHEMINPORTAIL), it should automatically filled with GL balance eb. If I'm in the dashboard of sales - sales page of the region, adapted, it must be populated with the sales by region.
  
  
  Thank you

  If it's 11g try then @{dashboard.name}
  For more information http://gerardnico.com/wiki/dat/obiee/presentation_variable_system