OBIEE 12 c data security level
Hello
What is the best solution to implement security at the level of the data as we are not able to view our newly created in RPD application role.
TIA
I've created a couple of application roles in EM, but they are not reflected in the RPD.
When I opened the RPD online, I can't add application roles it no more.
Tags: Business Intelligence
Similar Questions
-
integration of data security in OBIEE-ebs
Hi all
I'm trying to implement the data security HR - Org based in the integration of the EBS-OBIEE.
After creation of the initialization block EBS Single Sign-on Integration, get Oracle EBS security context, the responsibility of EBS group I created new human resources organizations block initialization to complete the session variable "HR_ORG" and I use the following query.
Even if USER and GROUP session variables get their values properly and integration works very well, the variable hr_org said 'has no definition of value.
nQSError: 10058 a general error has occurred. nQSError: 23006 the variable session, NQ_SESSION.HR_ORG, has no value definition. (HY000)
SQL issued: SELECT 'by business groups. "" Id Business Group ", VALUEOF (NQ_SESSION.HR_ORG) OF HR
Please help me for the implementation of the security of the data after the integration of the EBS-OBIEE...
To fill the variable HR_ORG by wise initialization line:
SELECT DISTINCT' HR_ORG', TO_CHAR (SEC_DET.ORGANIZATION_ID)
Of
(
SELECT
"HR_ORG", ASG.ORGANIZATION_ID
Of
FND_USER_RESP_GROUPS URP
FND_USER USR
PER_SECURITY_PROFILES PSEC
, PER_PERSON_LIST BY
PER_ALL_ASSIGNMENTS_F ASG
WHERE
URP. Start_date < trunc (sysdate)
AND (CASE WHEN URP. END_DATE IS NULL THEN TRUNC (SYSDATE) ELSE TO_DATE (URP. END of end_date)) > = trunc (sysdate)
AND USR. USER_NAME = ": THE USER"
AND USR. USER_ID = URP. USER_ID
AND TRUNC (SYSDATE)
BETWEEN THE URP. START_DATE AND NVL (URP. END_DATE, HR_GENERAL. END_OF_TIME)
AND CIMP. SECURITY_PROFILE_ID = FND_PROFILE. VALUE_SPECIFIC ('PER_SECURITY_PROFILE_ID', URP. USER_ID, URP. RESPONSIBILITY_ID, URP. RESPONSIBILITY_APPLICATION_ID)
AND BY. SECURITY_PROFILE_ID = CIMP. SECURITY_PROFILE_ID
AND BY. PERSON_ID = GSS. PERSON_ID
AND TRUNC (SYSDATE) BETWEEN GSS. EFFECTIVE_START_DATE AND GSS. EFFECTIVE_END_DATE
AND URP. RESPONSIBILITY_ID = DECODE (FND_GLOBAL. RESP_ID,
-1, URP. RESPONSIBILITY_ID,
NULL, URP. RESPONSIBILITY_ID,
FND_GLOBAL. RESP_ID)
UNION
SELECT DISTINCT "HR_ORG."
ORGANIZATION_ID
OF ASG PER_ALL_ASSIGNMENTS_F,.
FND_USER USR
WHERE GSS. PERSON_ID = USR. EMPLOYEE_ID
AND USR. USER_NAME = ": THE USER"
AND TRUNC (SYSDATE) BETWEEN GSS. EFFECTIVE_START_DATE AND GSS. EFFECTIVE_END_DATE
AND GSS. PRIMARY_FLAG = 'Y '.
) SEC_DET
THX!Hello
First make 100% sure that your USER variable is actually filled by an initialization block that has a priority execution earlier that block your initialization of HR_ORG.
Make sure that you the syntax looks like the following (I just made this, but not with the USER variable, but another one custom) - Note the single quotes around the expression of any "valueof": (xx)
where user_name = ' valueof (NQ_SESSION. THE USER)"Kind regards
Gareth -
The level of data security issue
Hello gurus:
I'm having a problem with the level of data security.
I have copied my Production RPD and Webcat in Test, changed the DSN connection pool and username/password.
Now the problem is, a user has the same rights in Prod and test, is to see properly in Production, but sees nothing in the Test.
I use a block of initialization of the Siebel CRM Application. If clients are assigned to users based on their responsibility to S_RESP and S_USER.
on this basis, users can see the list of customers. Authentication is LDAP server even for production and testing.
Now, a user sees correctly assigned in Production, but not in the Test list. I don't know how to solve. I searched query logs and other things, but cannot find anything.
Please help me how should I study this issue.
Thank you.
VinayHi Vinay,
I guess that your problem is due to the ORGS session variable. Can you open the repository and test the block of initialization for Associations? I'm sure that it contains no value of Test.
On the logging level. I think that it is very convenient for you to have a user who logs level 2 or higher, in order to verify the physical SQL. But you use the same LDAP source for Test and Production, which makes things a little more difficult. So I would advise you to add an LDAP variable to fill the session LOGLEVEL variable. Create a user test with loglevel 2 or higher, and then set the loglevel for all users in 0.
Kind regards
Stijn -
Hello
I have a confusion in security levels.
How many types it was?
Everyone please help.
Thank you
Lacouture.i restricted user1 by adding filter on col1. This is data level security. if i restrict user1 on particular objects then it is object level security. right?? Now, Data level security can be done only on rpd , right? Object level security can be done both in rpd as well as presentation services, right?Yes Rey, you are right...
Award points and end the debate, if your question is answered or mark if she was...
See you soon,.
Aravind -
Shared Svcs 'Submit' data security by Excel
Hi all
What are the security provisions required the user to use the data to submit through SmartView in Excel? I put in place Enable write to Excel, but that doesn't seem to do the trick. I'm looking for the bare minimum.
Thank you!You really need to consider together, unless the user has assigned appropriate safety class and write access to it, the role won't do much. If you have no class security and no process management. Bare bones should be the default role and load the Excel data, the rest of the roles are not related to loading data via excel, they are related to consolidation, EI, I / C, workspace. If the user is using an online form to load the data via excellent so it must form data write back to Excel, but if the user is using formulas, the only one of the two above and the appropriate security levels should do the trick.
-
need help to understand the ACLs and security levels
I use static NAT (nat (inside, outside) static interface) between a single host inside for the DHCP address used on the external interface. The inside interface has the security level of 100, and the outside has the security level of 0. My understanding is that for connections with State, I wouldn't need the ACL. However, nothing works unless I set up an ACL (for example, right now I have a global allow rule). What Miss me?
Even if you 'dormant', but you still have the access list applied on the interface which, by default, will have the "deny ip any any" implicitly at the end of the access eventhough list you have existing line "inactive".
To remove access from the inside of the interface completely list, you must remove the following line:
inside_access_out access to the interface inside group
-
Possible to assign security levels in the VPN tunnel?
Currently I have a PIX-2-ASA VPN tunnel works without any problem.
Here's my problem, I want to know if there is a way to configure one side of the tunnel as an interface "drop safety" of sorts. I want only one side to be able to open traffic.
ACLs are not useful on one side at least as return traffic generated on the random ports. I want only one side to answer Insider sessions, but not be able to start a session on its own.
Since the terminiates of VPN tunnel on the external interface, the security level of each side is '0 '. If all traffic behind on part and on the other the tunnel can innitate sessions.
Any ideas?
Thank you
Edit: One side is a v6.3 (5) of PIX515E, another ASA5510 v7.2 (1)
Hello
On your ASA, you can specify the following 3 connection types in your crypto card:
1 crypto map set type of connection are created only
2 crypto map set connection type response only
3 crypto map set-type of two-way connection
This should allow you to control what end can initiate the tunnel.
Concerning
Pradeep
-
If the Pix inside interface is configured for security, value of 100, while that for the external interface, a value of 0 security:
(1) what does the 0 and 100 mean? Any number between the two, for example of 30, 50, 70, 90?
(2) in terms of inbounding and outbounding, what does the 0 and 100 mean? I think I understand, all the outbounding is allowed; The inbounding from the external network, is allowed to pass through the external interface, but none is allowed through the interface - it is home to this correct understanding?
Thank you for helping.
Scott
the number indicates the security level, highest is 100 and the lowest is 0.
default PIX has inside the interface set to 100; whereas the external interface is set to 0. When you configure the dmz interfaces, you can assign any number between the two.
with pix v6.x, once configured nat/global statement, all the traffic of the higher security level to lower the security level is allowed. that is not acl is required.
Furthermore, traffic intended for the highest level of safety at a lower level of security is not allowed, unless there is an acl in place (usually with the static instructions as well).
It is common to say that the default pix allows all outgoing traffic. in fact, it is more accurate to say that default pix allows all traffic security level higher to lower security level (for these pix has more than 2 interfaces).
-
Security level Confusion of PIX.
Hi guys,.
I did some Internet research to learn more about the function of security level of this Pix. But in no vain.
You guys can advise me on what this security level 100 or 0 is all about? Do I have to set all the my controls to 100 all out 0 inside? If this is the case, my internal system is unable to access the external network as they are of different security level.
Last question here. I have a router with 2 ints: fa0/0(connect to isp, 100.100.100.2) and fa0/1(connect to a inside pix, 10.2.1.1). My pix off int address is 10.2.1.2(connect àle routeur de la fa0/1), and ethernet1 address is 192.168.1.1. This router will do a NAT on behalf of my internal network.
My problem is that I should do a NAT on the PIX to get my 192.168.1.0 network translate 10.2.1.2 If you access the Internet. From there on, the router will translate addresses translated to public addresses reuse its NAT. In this way, it is a double NAT process. This method is feasible? Any other method better other than making a double NAT?
Please kindly advise me on my 2 doubts. :))
Thank you much in advance.
Hello
Using security levels indicates the relative safety of the interface for the PIX. A level of higher security means that the interface should be treated with a high degree of safety, while a lower security level means that the interface connects to a less reliable network. In general, you can consider your interface LAN internal 100, your DMZ segments as something between 0 and 100 and the interface connected to the internet as 100.
Devices connected to interfaces of high security can initiate connections to the interfaces of low level of security thanks to the use of 'global' commands and "NAT" - you do not use NAT. For devices in low-security interfaces to communicate with devices in the higher security interfaces, you must allow access via an access list and a static statement.
In your configuration, if the NAT router already there is absolutely no reason NAT on the PIX as well. Just set up your router NAT source addresses the 192.168.1.0/24 and you should be fine.
On your PIX, configure the following:
NAT (inside) 0 192.168.1.0 255.255.255.0 0 0
That tells the PIX not to NAT these addresses.
Hope that help - rate pls post if it does.
Paresh
-
What is the security level of a signing of pdf from Adobe? How is difficult to break? It is similar to a md5?
Software can crack the document.
-
Input data of level 0 in planning Webform members
I use the v11 planning. I created a form in line with "Account" (Dense) dimension in the column and scenario members online. All other dimensions are POV with members of level 0.
When to open the online form to enter data, only level 0 members are editable.
Y at - it an option where I can also an entry for the Non-niveau 0 members?
Thank you
MathieuHello
Consult the following link: -.
http://docs.Oracle.com/CD/E17236_01/EPM.1112/hp_admin_11122/frameset.htm?launch.html
http://docs.Oracle.com/CD/E17236_01/EPM.1112/hp_admin_11122/frameset.htm?launch.html
Go to Version of Dimension, select / Create the version to which you enter data on the level not zero members, click on edit and select 'Standard target' Version.
I hope this helps.
Concerning
-SM -
Hi, we set the data security in the Security Manager in the RPD.
I found that security are applied to all the dashboard pages and applications
is it possible to have an exception? Define some special cards not defined by the data safety.
Thank youYes, only 2 places.
-
OBIEE 11 g (data-level security) session variable
Hello
Use OBIEE 11.1.1.6
I would like to apply security to the level of data for a particular column as the year.
Ex:
I have 2 users A and B.
If a user has connection I want to display the values of the year: 2006,2007,2008
If a user B connection I want to display the values of the year: 2009,2010,2011
Can u share docs or referral link pls.
Thank youHello
Go to Manage > identity > double click the required user > click the permission button > click the data filters >, select the column required.
year column here > then set the year filter = 2006,07,08.
to another user that the same follow-up steps, then set the year filter = 2009,10,11.
for example, when the user login that it cannot see the data restricted.
Please check if useful/correct.
Thank you
Laeticia
Published by: 934322 on February 22, 2013 02:52
-
Hi all
We are in a situation, every time that the user has open the report report of the industry' and they want to see the country and certain industries (such as Com) and same user opens another 'group report' report in this report, he wanted to see selected countries (like below provable: SG) and the list of all industries. If you have a made solution let me know thank you.
Note: You must use the same size for both reports.
Thank you
Deva
Hello Deva,
How are you now the details of the industry and the country of user, example user is A part of the industry 'Com' and a part of the country 'Singapore '.
Let me assume that you have a separate table to keep these details (table name-user_details).
1. create two dynamic variables of RPD
var_ind i)
Use the query in your init below block
Select industry_name in the user_details where user_name = 'Utilisateur_a. '
var_country II)Select country_name user_details where user_name = 'Utilisateur_a. '
2.
(i) report on the industry applies the sub condition
Exposure.Industry = @{biServer.variables} [var_ind]
(II) country report apply the conditional
Country.Country=@{biServer.variables}[var_country]}Concerning
K.
-
I have created a new user in the planning, attributed the role of Planner. Then I was sure that this user has been assigned access to the Member level for each of the dimensions, using '(inclusive) descendants' privileges. Yet, when I try to access a data form, as I did, I get the following error:
"Security and/or filtering resulted in a necessary dimension is not represented on this form of data.
As I attributed a write access to all the dimensions (account, entity, scenario, version) I am not sure what is the problem. The only thing I can think of it being related to the East that I created 3 user ratings. Now, when I go on these dimensions, they do not display the button "Assign access" anywhere, which is confusing.
Any ideas as to what could be the problem?Take a look on the side database Essbase, "nothingness" user filter will tell you dimenisions when you need assigned security. Also, make sure that on the form itself user has at least read access to all represented members (page, line and POV - all, at least one Page).
Published by: 791281 on November 24, 2010 12:06
Maybe you are looking for
-
I haven't used the new perspective of e-mail from my files/documents and need a lot of help
See above
-
When evaluating a song on my rocket, then sync with Windows Media Player (Windows 7 Ultimate) the side of the song does not affect the copy on my computer. It's disappointing. What I have to live with it or is there something I can do? Sansa Fuze V
-
Thermal solution compromised - reboot and replace the cover. -Message
Hi I get this message when I turn on my computer. It is right after the bios screen. "Thermal solution compromised. Replace the cover and reboot. How can I solve this problem. The fan eventually go very fast and very strong if I continue to use the c
-
Keyboard shortcut for full screen
In the guide of the function, it shows a keyboard shortcut for full screen: SHIFT - F / F11 / full screen toggle CTRL-command-F (all platforms / Windows / OS X) I'm under Win10, and F11 does not work for me (or SHIFT - F). When I hit F11, it penetra
-
Lexmark X 5650 printer keep telling me I need Microsoft .NET Framework 2.0
I downloaded 2.0 but it does not recognize my printer. I use Windows 7 Edition home premium. Whenever I click on the printer icon I get a pop up window telling me I don't 2.0.