Framework data permission Analysis 1 using the built-in FM mechanism to achieve row-level data security

1: Environment

Cognos10.2.0, Oracle

2: Implementation Process

When setting framework data-level permissions, you usually need to add a security filter to the place where FM sets data security, as shown in figure

Step 1: select a department dimension table → operate → specify data security

Step 2: Go to the settings page and add user groups or roles in your user space.

 

 

The following describes the meaning of the annotations from 1 to 6.

Bytes ------------------------------------------------------------------------------------------------

1 ~ 2: The representative does not set any filters for the administrator and general manager, that is, they are unobstructed.

3, 5, and 6: grant department 1, Department 2, and department 3 permissions.

4: do not grant the finance department manager the permission to view business data. Set an expression with the filter expression always false.

PS: if there are other groups of users who cannot access this data, perform the same operation as 4.

Bytes --------------------------------------------------------------------------------------------------

After the preceding operations, save the published data packet to Cognos connection and view the report again. Then, users with different roles can log on and view the data of different departments, this article sets permissions for dimension tables, so all fact tables associated with this dimension will play a role that users in different departments can only view report data within their permission range.

3. Comparison of advantages and disadvantages

Advantage: the process is simple. It only depends on dimension tables in the data warehouse and user groups that have been verified by cjp.

Disadvantage: After completing the settings, we find that the permission management configured in this way requires access to this data in the future process of organizational relationship changes, for example, adding a role to access this data, to add a user to access this data, you need to manually add a user or role to the FM model file. This is highly unlikely for a non-Cognos professional. If a user encounters a similar problem and finds our related developers to remotely or to the site for handling, the maintenance cost of our system is greatly increased. Of course, this situation is something we don't want to see, next, we will continue to find a perfect solution to this problem.

 

Framework data permission Analysis 1 using the built-in FM mechanism to achieve row-level data security