cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BO Universe / CMC : How to set up overlapping row level security profiles ?

bernie_whitcroft
Discoverer

on ‎06-28-2018 2:27 AM

0 Kudos

Hi, I’m using BO 4.2 CMC and Universe Design Tool (UDT) and trying to implement two distinct, but linked row level security profiles. However it’s not working so far and I’m stumped.

Example : A user may be able to access one or more Colours, and one or more Sizes. But access should overlap between Colour and Size.

So if a User is granted access to Blue and Red, and Sizes 2 and 3, this means no access to Yellow, nor size 1.

CMC user/group config:

Universe config : I selected to ‘Combine row restrictions using AND within group hierarchies and OR between groups as follows.

However this resulted in OR statements throughout.

Ie. Access to (Red or Blue OR Size 2 or size 3)

This unfortunately allows access to all sizes and all colours.

What I need is (Red or Blue) AND (Size 2 or Size 3)

No such option seems to exist, so any help on how to configure this is much appreciated.

Please note the complex Universe is old style UNV, accessed via UDT. Converting to UNX is not really an option (should there be an easier solution in IDT ?!)

BTW, from what I have been reading elsewhere, I may have to duplicate the three Size groups into a sub hierarchy level of each of the Colour groups – not tried yet, but this would give 9 sub group combinations and seems overly complicated and messy, especially when more colours and sizes come along.

Thanks, Bernie.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member182521
Active Contributor
‎06-28-2018 8:33 AM
0 Kudos

Instead of managing color & Size (Color Access & Size Access groups ) in separate hierarchy, Did you tried to organize everything under Universe Row Level Access and see how it behaves?

Thanks

Mani

Show replies
Show replies
bernie_whitcroft
Discoverer
‎06-28-2018 11:48 PM
0 Kudos

Hi, yes the Universe row level access is the second part of the set-up. I didn't paste that screenshot into the question.

In the UDT Universe, Tools -> Manage Security -> Manage Access restrictions I link the CMC groups I've set up (shown in original question) with the SQL restrictions I created.

eg. I create a restriction called 'Colour Blue', that states 'ColourTable.Colour = 'Blue', then assign that to the 'Colour - Blue' user group set up in CMC.

Similarly, restrictions on Size are set up in the Universe with another 'Universe Row Restriction' set up as :

'SizeTable. Size = 'Size - 1' which is then applied to the CMC group called 'Size - 1'.

This is how I leverage the user groups set up in the CMC for row level security assignment in the Universe.

Is there another way of doing this that I have not come across ?

Maybe you could give an example of what you mean by 'organize everything under Universe Row Level Access' ?

Please note : I do need to leverage off the CMC user groups as the users are assigned automatically into 'security' groups that the BO server picks up and aligns to CMC groups. I can not reference individual UserIDs in the Universe.

Thanks for any assistance you, or anyone else can give as this is becoming urgent.

Ask a Question