cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deny Direct URL access (Bex Web Application Query String iview)

Former Member

on ‎03-02-2010 1:00 PM

0 Kudos

Hi,

We would like to know how you can deny direct url access to a Bex Web Application Query iview.

Problem: When a user with not much rights, logs on to the portal and he inserts the full url of a query iview of an user with a lot of rights, he can directly access the iview and request all information.

This is not acceptable.

We want to deny this direct url access to this iview, when the user has not enough rights.

How can we resolve this problem?

Can this be done by only permissions (role/group ..) or do we need to use security zones or ..?

How can we configure this?

Regards,

Miranda

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎03-03-2010 6:29 AM
0 Kudos

HI Lienden,

Once u create URL iview and assign the user . He can acess the iview with suffient permissions at both ends.

User can't create any iview by his own without having content admin role.

1.Check that user has content admin role .

2. create Bex iview ,don't create URL iview for bex report . When user clicks on bex report he won't get any URL , only report he can view.

Regards,

Surekha .

Show replies
Show replies
Former Member
‎03-03-2010 8:31 AM
0 Kudos

Hi Surekha,

Thanks for answering, but unfortunately this does not answer my question:

The problem is: when a user knows the direct url of a bex report, he can copy/paste it in the portal url (after logon to the portal) and access this report. He should not be allowed, because this url is from an other user who has more rights.

We want to prevent this user from accessing this url directly.

He should get an access denied...

The iviews for the user with more rights have been checked and the other user has no rights there.

Both users have other portal roles and also other groups. They also have other BW roles.

Does anyone have any idea, how we can prevent from this user using a direct url to the bw report?

Thanks!

Regards,

Miranda

Former Member
‎03-03-2010 8:49 AM
0 Kudos

Hi Miranda,

In this case 2 ways are there .

1. restrict authorizations at the backend (BI system for particular users those who don't want to access in portal ex: company code : 2000 restirct that auth)

2. When u publish the BI report in portal ,hide the URLs ,just display the reports ,based on the relevent authorizations users can access the reports.

a). Instead of creating n number of Bex iviews upload the role from BI system . That particular reports won't give bex URL.

b). create KM navigation iviews for BI reports restrict from the user there .

Finally in ur case user may copy the URL of bex iview and paste when he logs in in portal .,eventhough the report gives access based on the backend permissions .

Discuss with BI experts to restrict the particular reports to particular users.

Regards,

Surekha .

Former Member
‎03-03-2010 9:21 AM
0 Kudos

Hi ,

It is the security flaw of url iviews .Anyone can see content of other users who had more authorizations also if their url known.

so there is no way of restricting url iviews as per your requirement .

Regards,

Koti Reddy

Ask a Question