IDT Data Security Profile - Row Level Security not...

former_member620083 · ‎07-15-2019

We’ve identified an issue with the implementation of the row level security a universe. We added multiple different restrictions (i.e. OpCo restrictions AND Category restrictions AND Buying Office restrictions) to the same account and found that the logic in the generated SQL is incorrectly using OR instead of AND. This causes data to be available to users that they should not be seeing.

Current observed logic: WHERE ( Category 1) OR ( Category 2) OR ( Opco 1 ) OR ( Opco 2 ) OR ( Buying Office 1) OR ( Buying Office 2)

Required logic is: WHERE (( Category 1 ) OR ( Category 2 ) ) AND ( ( Opco 1 ) OR ( Opco 2) ) AND ( ( Buying Office 1 ) OR ( Buying Office 2) )

I have tried all the 12 possible combinations of the Control and SQL Aggregation settings and the Row Restriction Aggregtion Settings in IDT but still not getting the required logic.

Could anyone please suggest a workaround to this?

daniele_tiles2 · ‎07-16-2019

Hi Pritha,

sorry I didn't noticed you needed the OR. You should then try the opposite, but I also suggest to reivewi the restrictions (in order to make one restriction, and not to combine them).

Regards

Daniele

daniele_tiles2 · ‎07-15-2019

Hi Pritha,

have you tried setting the restriction as "Very Restrictive"?

It it doesn't work, than I would suggest you to create a restriction specific, which has already in the definition the criteria (instead of applying multple restrictions to the same group/user).

HTH

Daniele Tiles

IDT Data Security Profile - Row Level Security not giving desired output

Accepted Solutions (0)

Answers (2)

Answers (2)

How to use CopyProvider on Table created by TypeSc...

How to execute/fire onPost when user press enter o...

Re: Connecting SAP CAP with SAP Cloud ALM

Re: How can assign in Identity Authentication Serv...

Re: Are there plans to update the Spring framework...