on 07-15-2019 3:39 PM
We’ve identified an issue with the implementation of the row level security a universe. We added multiple different restrictions (i.e. OpCo restrictions AND Category restrictions AND Buying Office restrictions) to the same account and found that the logic in the generated SQL is incorrectly using OR instead of AND. This causes data to be available to users that they should not be seeing.
Current observed logic: WHERE ( Category 1) OR ( Category 2) OR ( Opco 1 ) OR ( Opco 2 ) OR ( Buying Office 1) OR ( Buying Office 2)
Required logic is: WHERE (( Category 1 ) OR ( Category 2 ) ) AND ( ( Opco 1 ) OR ( Opco 2) ) AND ( ( Buying Office 1 ) OR ( Buying Office 2) )
I have tried all the 12 possible combinations of the Control and SQL Aggregation settings and the Row Restriction Aggregtion Settings in IDT but still not getting the required logic.
Could anyone please suggest a workaround to this?
Hi Pritha,
sorry I didn't noticed you needed the OR. You should then try the opposite, but I also suggest to reivewi the restrictions (in order to make one restriction, and not to combine them).
Regards
Daniele
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Daniele
Thank you for your response.
I have set the Control and SQL Settings Aggregation as well as the Row Restriction Aggregation to 'AND' but this is the output that I am getting -
WHERE (( Category 1 ) AND ( Category 2 ) ) AND ( ( Opco 1 ) AND ( Opco 2) ) AND ( ( Buying Office 1 ) AND ( Buying Office 2) )
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.