on 03-02-2010 1:00 PM
Hi,
We would like to know how you can deny direct url access to a Bex Web Application Query iview.
Problem: When a user with not much rights, logs on to the portal and he inserts the full url of a query iview of an user with a lot of rights, he can directly access the iview and request all information.
This is not acceptable.
We want to deny this direct url access to this iview, when the user has not enough rights.
How can we resolve this problem?
Can this be done by only permissions (role/group ..) or do we need to use security zones or ..?
How can we configure this?
Regards,
Miranda
HI Lienden,
Once u create URL iview and assign the user . He can acess the iview with suffient permissions at both ends.
User can't create any iview by his own without having content admin role.
1.Check that user has content admin role .
2. create Bex iview ,don't create URL iview for bex report . When user clicks on bex report he won't get any URL , only report he can view.
Regards,
Surekha .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Surekha,
Thanks for answering, but unfortunately this does not answer my question:
The problem is: when a user knows the direct url of a bex report, he can copy/paste it in the portal url (after logon to the portal) and access this report. He should not be allowed, because this url is from an other user who has more rights.
We want to prevent this user from accessing this url directly.
He should get an access denied...
The iviews for the user with more rights have been checked and the other user has no rights there.
Both users have other portal roles and also other groups. They also have other BW roles.
Does anyone have any idea, how we can prevent from this user using a direct url to the bw report?
Thanks!
Regards,
Miranda
Hi Miranda,
In this case 2 ways are there .
1. restrict authorizations at the backend (BI system for particular users those who don't want to access in portal ex: company code : 2000 restirct that auth)
2. When u publish the BI report in portal ,hide the URLs ,just display the reports ,based on the relevent authorizations users can access the reports.
a). Instead of creating n number of Bex iviews upload the role from BI system . That particular reports won't give bex URL.
b). create KM navigation iviews for BI reports restrict from the user there .
Finally in ur case user may copy the URL of bex iview and paste when he logs in in portal .,eventhough the report gives access based on the backend permissions .
Discuss with BI experts to restrict the particular reports to particular users.
Regards,
Surekha .
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.