Skip to Content
0
Jul 15, 2019 at 02:39 PM

IDT Data Security Profile - Row Level Security not giving desired output

150 Views Last edit Jul 15, 2019 at 02:49 PM 2 rev

We’ve identified an issue with the implementation of the row level security a universe. We added multiple different restrictions (i.e. OpCo restrictions AND Category restrictions AND Buying Office restrictions) to the same account and found that the logic in the generated SQL is incorrectly using OR instead of AND. This causes data to be available to users that they should not be seeing.

Current observed logic: WHERE ( Category 1) OR ( Category 2) OR ( Opco 1 ) OR ( Opco 2 ) OR ( Buying Office 1) OR ( Buying Office 2)

Required logic is: WHERE (( Category 1 ) OR ( Category 2 ) ) AND ( ( Opco 1 ) OR ( Opco 2) ) AND ( ( Buying Office 1 ) OR ( Buying Office 2) )

I have tried all the 12 possible combinations of the Control and SQL Aggregation settings and the Row Restriction Aggregtion Settings in IDT but still not getting the required logic.

Could anyone please suggest a workaround to this?