Using filters Essbase to restrict access to OBIEE dashboards for multiple users

Hello

You can use Essbase filters to restrict access to the data in OBIEE dashboards so that users with no access to specific members are not able to see all data for multiple users.

Any suggestions on how to go about it.

Thank you!

Hello

Like any data source as an essbase.

You can filter the data by the user, use a NQSESSION. to get the session the correct access.

Kind regards

Tags: Business Intelligence

Similar Questions

Report of BEEP in the use of the content on the Emdedded OBIEE dashboard not working not

Report of BI Publisher throwing error 'Allowed access' seen OBIEE dashboard page.
OBIEE and BEEP is integrated by default when it is installed.
Requirement:
Embed report BEEP in OBIEE dashboard page.
Report parameters a BEEP and then tried the method to incorporate the full report without "Header" information below
Steps for coating
1. connected to BEEP via the URL xmlpserver and link report generated using option "report sharing link.
Below the URL generated for the 'No Header' option
http:// < Server >: < port > / xmlpserver/training/My_Test/Data Model Editor / Oracle BI Analysis Report.xdo? _xpf = & _xpt = 0 & _xdo=%2FTraining%2FMy_Test%2FData%20Model%20Editor%2FOracle%20BI%20Analysis%20Report.xdo & _xmode = 2 & _params_dashboardexpr = xdo%3Axdo%3A_paramssaw.param.Month_div_input=All & _paramssaw.param.Month = * & product = _xt & _xf = html & _xautorun = true
2. copy the generated URL
3. connected to OBIEE analytical URL and created a new dashboard
4. slipped and fell "Embedded content" Dashboard object
5 a. provided the URL copied in embedded content
6 saved the dashboard and it ran.
7 error received unauthorized access
Please note that I received as "Suspicion of Injection of Script" error sometimes.
I see that no permissions related issue because I've been running reports by using administrator privileges.
Details of the attached error.
Thank you!

Problem has been solved by following step below

The spaces in between the name of the report template/folder/data should be replaced with % 20.

URL before change

http:// :/xmlpserver/Training/My_Test/Data Model Editor/Oracle BI Analysis Report.xdo?_xpf=&_xpt=0&_xdo=%2FTraining%2FMy_Test%2FData%20Model%20Editor%2FOracle%20BI%20Analysis%20Report.xdo&_xmode=2&_params_dashboardexpr=&xdo%3Axdo%3A_paramssaw.param.Month_div_input=All&_paramssaw.param.Month=*&_xt=Product&_xf=html&_xautorun=true

URL after change

http:// :/xmlpserver/Training/My_Test/Data%20Model%20Editor/Oracle%20BI%20Analysis%20Report.xdo?_xpf=&_xpt=0&_xdo=%2FTraining%2FMy_Test%2FData%20Model%20Editor%2FOracle%20BI%20Analysis%20Report.xdo&_xmode=2&_params_dashboardexpr=&xdo%3Axdo%3A_paramssaw.param.Month_div_input=All&_paramssaw.param.Month=*&_xt=Product&_xf=html&_xautorun=true

How to restrict access to certain pages of a user group

I want to restrict access to certain pages in my application to a set of users only. How can I achieve this.

use the authorization scheme for permission to the users group"

See also follows her

Schema authorization using the APEX authentication scheme

security - authorization roles and user in Oracle Apex? -Stack overflow

How to create the schema for permission for the users group.

Leave.

Restrict access to the Page of the user in the relational database
I have a relational database with two tables on a common ID field. The user can access all their entries in the child table with simple SQL queries and then select from a list of correspondence which of its documents records in the child table that they wish to change (i.e. ['ID'] ParentTable, ChildTable ['ID'])). Registration is then displayed using $_GET passed through the URL as parameter "recordID". However, when the user is connected and accessing a folder that matches the query, they can then enter another "RecordID" number in the URL and go to any record in the table child whether they are 'owner' of the record or not.

I tried to put a statement of equivalence in the authorization user code to restrict the access to the child records users since ParentTable ['ID'] == ['ID'] ChildTable only when you are connected the user accesses the records they created previously. (In other words, when a user type a different "RecordID" in the URL, the ParentTable ['ID'] and ChildTable ['ID] are not equivalent.) The code that I entered in the authentication of the user generated by DW is as follows:

If ((isset ($HTTP_SESSION_VARS ["MM_Username"]) & & ($row_ParentTable ['ID'] == ['ID'] $row_ChildTable))) {}
...

Is still not accessible, even if tests show the ParentTable ['ID'] and ChildTable ['ID'] are not equivalent

Any ideas on how to restrict access to the child records "unknown"? I'm sure it's relatively simple, but I'm having trouble to get through this obstacle.

Thank you
Thank you, Philo. In fact I got it to work by initializing a session variable of tha parent ID of the table and comparing it to the variable ID of child table, then using a header redirect in case of inequality. Part of my problem was where I put the code in the page. Anyway, it works now. It seems that the answer is always just after you have posted the question.

restricting access to a schema for all
What are the methods to restrict access to a particular schema obects?

My impression was always that all access to an application schema should only be given through roles. and it was as simple as turning off these roles to restrict access. but I get the impression now that disabling a role is at the user level only session...

the most popular direction.
If it's just a backup to close applications, perhaps just looking for the opportunity to password protect the roles, as I mentioned in my original post. You could certainly password protect all the roles in the database with a password only you know (assuming, of course, none of the upgrade scripts rely on any of the roles or that the upgrade scripts are modified to activate the roles), and then remove the password when the upgrade is completed. This would be a relatively unique solution - I have not heard of someone who was particularly concerned that a request would be left inadvertently on and cause corruption of the information during a major database upgrade - application error if the schema definition is not what they want - but it would probably normally as possible. And it would be relatively easy to script.

Of course, you still have to deal with sessions that existed before your password protected the role, but who would usually point you in the direction of an application that had not yet been arrested.

Justin

Restrict access to specific dashboard in Vfoglight Pro 6.7.1

Hi, I need to limit some users to access only specific dashboards, I created a user, group or role, however I can't find what the name of the view that I need to limit.

Please see the following screen.

Any clue?

Kind regards

Michael.

Hi Michael,

To view the virtual machines with this role, please follow the procedure below & see if it works:

* Go to the folder Configuration / definitions and click the down arrow next to vmware-> Edit.

In the Module edit window popup that appears, check the VMware QuickView user and click on apply.

For both roles allowed & relevant.

* Then, Expand Vmware-> click on the Virtual Machine

* Select the Explorer of VMware view (on the screen from the bottom where the drop-down menu displays views)

You will see 2 inputs for VMware Explorer, please change both of them.

Screenshot:

* Click on the view-> click on change

* Click on the button of allowed roles

* Select the user to VMware QuickView

* Apply and save the changes.

PS: Your Admin user must be part of the Group of developers of cartridge to change these settings.

Best regards

Rachel

Using a separate drive for My Documents for multiple users

I imagine using an SSD as a system drive and a hard drive as a data reader, both connected internally via SATA, is common. My question is about pointing My Documents on this disc of data instead of the system drive. Steve Winograd has answered the question for a single user to http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/move-the-my-documents-folder-to-another-drive/a41eaabb-2c5b-4502-85ba-fd49a007fd82.

I understand that my Documents is just a pointer that can target any player. But what happens when several users do? For example, the data drive is partitioned as a big drive, so the second user replaces the first pointer or all users simply point to the name of the partition, which allows all users to share the drive?

Just make sure you have unique files on the other disk for each user

There are various methods to have your documents in one location other than the default location of origin. Steve Winograd showed one.

Suppose you have two users, Alice and Bob, and you want to have documents on the D: drive, which is a traditional spinning rather than C: drive, which is an SSD.

If you follow the instructions of Steve, you do the following:
1. Log in as Alice
2. Create a folder on drive D: named Alice, and a new subfolder in the Alice folder named My Documents. In other words, create the D:\Alice\My Documents
3. Follow Steve beginning with step 2, using Documents D:\Alice\My as 'new folder '.
4. Log in as Bob (you can just click on the arrow on the Shut Down button and select "change user")
5. Create a folder on drive D: named Bob, and a new subfolder in the folder named My Documents Bob. In other words, create the D:\Bob\My Documents
6. Follow Steve beginning with step 2, using Documents D:\Bob\My as 'new folder '.
Your directory structure should look like this:

How to grant access to "My dashboard" to other users?
Hello!

Is it possible for someone else to see my dashboard 'my '?
In responses, under Dashboards folder, I can see all other folders on the right, except "My dashboard" even if it appears in the browser window on the left.
I can obviously not reason with you then this is what you want. I guess you will need to learn from your own experience that you don't want to listen to all the advice and take it as an insult.

Using Catalog Manager go to the user folder you want to share, and change ownership recursively on the account that you are logged on Catalog Manager with. Change and recursively cascading permissions to add the other user/group who wants to see the user dashboard. After you've done will be able to refer to dashboard of the user with a URL like this (assuming that the dashboard page named page 1 according to the dashboard of the user by default):

/Analytics/saw.dll? Dashboard&PortalPath=/users/user/_portal&page=page%201&action=navigate

Restrict access to the database for the upgrade of the application

Hi all
We're performing an upgrade of the application that requires us to perform a lot of scripts on our server Oracle EE 11.2.0.4.
This specific database has around a website based end and a front end based client, but it is also accessible on the network through TNS SQLPLUS/Toad, ODBC, JDBC etc.
For obvious reasons, the upgrade, I want to make sure that no one else that the DBA can access the database. Usually change us the listening port of 1521 to let say 1544. This prevents all access.
But now we run in a physical Data Guard with two Standby configuration so I don't really want to play with the listener ports. The upgrade must propagate changes from primary to Standby. I could interrupt them temporarily, but I would like to avoid that if possible.
Another way I thought would work was to stop the database and open it in restricted mode. But before that, I would need to grant the privilege of the Session to RESTRICT all users upgrade scripts using (around 5 users).
This approach using the restricted mode seems reasonable?
Other opinions would be much appreciated.
Thank you

This is exactly what restricted session is for. You can do online and then kill a session is currently connected. No need to stop:

orclz > alter system enable restricted session;

Modified system.

orclz > change system disable restricted session;

Modified system.

orclz >

How to restrict access to the network for customers in the lobby.

Hello

How is - this preferable to limit the access of the data ports in the lobby of the company for Internet access only? Although the hosts are not on the field, is it safe to allow them to reach the port of data?

I suggest setting up a vlan separate for these ports and usig dot1q on trunk this vlan to a DMZ interface dedicated or the subinterface on your firewall with an ACL that only allows access to the internet. That should do the trick.

Need to deny access to the file for the User Manager

Hello
I need be able to deny access to the file manager, as I don't want my client, deleting files. However, for some reason, I have to allow him access to what he should be able to download files via InContext Editor (he needs to link the pages to documents that are not on the server so he needs to download and do it, I have to grant access to the file manager). How can I get around this? I don't want to reupload the site whenever it deletes a file...

Unfortunately we can not do - file manager access to removal as well as download and at this stage that cannot be changed.

HOW to use the file/BLOB data temporary - email for multiple users... Please see code
Dear gurus
the code below works fine, he sends a good fixation to the first user, but to the 2nd user, it send blank (empty) file.
What I want, I have read the data from the source and enter the temporary BLOB and use the same data to send several users in the loop.

create or replace
PROCEDURE dba_ho.emailattacheulhr is
/ * LOB related operation varriables * /.
v_src_loc BFILE.
l_buffer RAW (54);
l_amount directory: = 54;
l_pos INTEGER: = 1;
l_blob BLOB: = EMPTY_BLOB;
l_blob_len INTEGER.
v_amount INTEGER.
/ * Related UTL_SMTP varriavles. */
v_connection_handle UTL_SMTP. CONNECTION;
v_from_email_address VARCHAR2 (200);
v_to_email_address VARCHAR2 (200);
v_cc VARCHAR2 (200);
v_smtp_host VARCHAR2 (50);
v_subject VARCHAR2 (500);
l_message VARCHAR2 (30000);
l_filename VARCHAR2 (4000);
CustNo number (8);
CNAME varchar2 (50);

cst slider is
Select a.EMAIL_ADDR, a.CARDHOLDER_NAME
Cust a
ORDER BY a.cust_no;

/ * This procedure of send_header is mentioned in the documentation * /.
PROCEDURE send_header (pi_name IN VARCHAR2, pi_header IN VARCHAR2) AS
BEGIN
UTL_SMTP. WRITE_DATA (v_connection_handle,
pi_name | ': ' || pi_header | UTL_TCP. CRLF);
END;

BEGIN
v_src_loc: = BFILENAME ('DIR_MMAIL', 'MAKPROM.pdf');
v_from_email_address: = '[email protected] ';
v_cc: = '[email protected] ';
v_smtp_host: = 'mailhost.mak.com ';
v_subject: = 'list of Promotion of Mak;
-l_blob BLOB: = EMPTY_BLOB;
/ * Prepare the LOB of attachment file. */
DBMS_LOB. OPEN (v_src_loc, DBMS_LOB. LOB_READONLY); -Read the file
DBMS_LOB. CREATETEMPORARY (l_blob, TRUE); -Create a temporary LOB to store the file.
v_amount: = DBMS_LOB. GETLENGTH (v_src_loc); -Amount to be stored.
DBMS_LOB. LOADFROMFILE (l_blob, v_src_loc, v_amount); -A temporary file in LOB loading
l_blob_len: = DBMS_LOB.getlength (l_blob);

Begin
CSE opened;

loop
extract the CSE in custno, v_to_email_address, cname;
When the output cst % notfound;

l_message: = 'Dear customer ' | UTL_TCP. CRLF;
l_message: = l_message | CNAME | UTL_TCP. CRLF;
l_message: = l_message | UTL_TCP. CRLF;
l_message: = l_message | "Thanks for choosing. Enclosed please find our current list of promotion for your review. '||
UTL_TCP. CRLF;
l_message: = l_message | UTL_TCP. CRLF;
l_message: = l_message | "Sincere friendships. UTL_TCP. CRLF;
l_message: = l_message | UTL_TCP. CRLF;
l_message: = l_message | UTL_TCP. CRLF;
l_message: = l_message | "To Mak' | UTL_TCP. CRLF;
l_message: = l_message | ' www.mak.com' | UTL_TCP. CRLF;

/ * Associated with coding UTL_SMTP. */
v_connection_handle: = UTL_SMTP. OPEN_CONNECTION (v_smtp_host, 25);
UTL_SMTP. HELO (v_connection_handle, v_smtp_host);
UTL_SMTP. MAIL (v_connection_handle, v_from_email_address);
UTL_SMTP. RCPT (v_connection_handle, v_to_email_address);
UTL_SMTP. RCPT (v_connection_handle, v_cc);

UTL_SMTP. OPEN_DATA (v_connection_handle);
send_header ("", v_from_email_address) ;--|| ("<>'");
send_header ("TO", v_to_email_address) ;--|| ("<>'");
send_header ('CC', v_cc);
send_header ('Subject', v_subject);

-MIME header.
UTL_SMTP. WRITE_DATA (v_connection_handle,
"MIME-Version: 1.0 ' |" UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
' Content-Type: multipart/mixed; ' || UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
"boundary =" ' | "'" Sample.SECBOUND' | '"' ||
UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle, UTL_TCP. CRLF);

-Body of the message
UTL_SMTP. WRITE_DATA (v_connection_handle,
'--' || "Sample.SECBOUND" | UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
' Content-Type: text/plain; "|| UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
'charset = US-ASCII' | UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle, UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle, l_message |) UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle, UTL_TCP. CRLF);

-Attachment of e-mail
UTL_SMTP. WRITE_DATA (v_connection_handle,
'--' || "Sample.SECBOUND" | UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
' Content-Type: application/octet-stream' |
UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
' Content-Disposition: attachment; ' || UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
"filename =" ' | "MakMail.pdf" | '"' || UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
' Content-Transfer-Encoding: base64' | UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle, UTL_TCP. CRLF);
/ * Write the BLOB into pieces * /.
While l_pos < l_blob_len LOOP
DBMS_LOB. READ (l_blob, l_amount, l_pos, l_buffer);
UTL_SMTP.write_raw_data (v_connection_handle,
UTL_ENCODE. Base64_encode (l_buffer));
UTL_SMTP. WRITE_DATA (v_connection_handle, UTL_TCP. CRLF);
l_buffer: = NULL;
l_pos: = l_pos + l_amount;
END LOOP;
UTL_SMTP. WRITE_DATA (v_connection_handle, UTL_TCP. CRLF);

-E-mail nearby
UTL_SMTP. WRITE_DATA (v_connection_handle,
'--' || "Sample.SECBOUND" | '--' || UTL_TCP. CRLF);
UTL_SMTP. WRITE_DATA (v_connection_handle,
UTL_TCP. CRLF. '.' || UTL_TCP. CRLF);
UTL_SMTP. CLOSE_DATA (v_connection_handle);
UTL_SMTP. Quit (v_connection_handle);
-DBMS_LOB. FREETEMPORARY (l_blob);
-DBMS_LOB. FileClose (v_src_loc);

End loop;

EXCEPTION
WHILE OTHERS THEN
UTL_SMTP. Quit (v_connection_handle);
DBMS_LOB. FREETEMPORARY (l_blob);
DBMS_LOB. FILECLOSE (V_SRC_LOC);
dbms_output.put_line (SQLERRM); -try to print the error message.
END;
DBMS_LOB. FREETEMPORARY (l_blob);
DBMS_LOB. FileClose (v_src_loc);
End;

-end of code

Help, please.

Concerning

S.Garewal
This is what happens when you copy a code without understanding.
Take a look at the code here
```
/* Writing the BLOB in chunks */
WHILE l_pos < l_blob_len LOOP
DBMS_LOB.READ(l_blob, l_amount, l_pos, l_buffer);
UTL_SMTP.write_raw_data(v_connection_handle,
UTL_ENCODE.BASE64_ENCODE(l_buffer));
UTL_SMTP.WRITE_DATA(v_connection_handle, UTL_TCP.CRLF);
l_buffer := NULL;
l_pos := l_pos + l_amount;
END LOOP;
```
Discover the parameters of DBMS_LOB. READ.
For the first time it's good reading but your position and the quantity is not initialized when you loop and read again and is not read correctly.

Can I use symbolic links to share the file abook.mab for two users

If I delete all the user profile .mab files and replace it with a symbolic link pointing to the same file in the other profile will be what sync my address for two profiles books. I have win7.
The object is to have two user accounts Windows sharing the same e-mail data. I already have them show up on the same basis of messages.
I would like to know if deleting a .mab file will only cause it be re-created.
I hesitate to experiment.
Thank you

Remove files two default mab, abook.mab (PAB) or history.mab (collected addresses) will result in empty files with these names are automatically re-created on reboot of TB.

There are a few ideas for sharing here address books:

http://KB.mozillazine.org/Sharing_address_books

Why used to address changes Proxy stick of group policy for all users in Active Directory?

We re-installed the Customer Site Proxy on a BDC service, we published all the strategies of Active Directory for the new DC IP address group however for many users in Internet Explorer LAN settings always keep coming back to the old address when adding in group policy, any ideas of what we missed?

Hi MikeButterworth,

Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet forum.

http://social.technet.Microsoft.com/forums/en/itproxpsp/threads

How to restrict access to the drive of Wndows xp sp3?

I have 3 user account on my computer, it is has the administrator rights and the other is a standard user account.

I want to restrict access to all readers for the standard player.

I used gpedit.msc to enable the administrative model, but it also limits the account admin and me to access the road

OS: windows XP SP3

Please advice

Hi Utkarsh.Ranjan,

If you want to restrict access to a drive by using the Group Policy Editor, you can not apply for a particular user account. This will change for the user accounts.

You can't restrict access to the complete transmission. However, you can resrtict access to folders and files inside a car to a particular user.

Refer to the section "set, view, change, or remove special permissions for files and folders" in the following article and follow the steps to remove the authorization of the user access to the file/folder.

How to set, view, change, or remove special permissions for files and folders in Windows XP

Using filters Essbase to restrict access to OBIEE dashboards for multiple users

Similar Questions

Maybe you are looking for