Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hide sensitive attribute data and make the infoobject unavailable to some BEx report writers

Former Member

‎04-23-2012 4:30 PM

0 Kudos

How do you set up BW security to not display all of the attributes for users with limited access?  For instance in BW ,0EMPLOYEE has an attribute "ethnic origin", which is sensitive data.  Not all report writers should be allowed to see that attribute about an employee. The employee infoobject is used in many infoproviders, and currently any user can display its attributes and view an employee's ethnic origin. 

I want to make it so some users never see the sensitive fields, while other users can access to all data.  So if a users with restricted access were to build a BEx query designer report, the sensitive attributes for 0EMPLOYE would not even be visisble.  Any ideas?

thanks,

LLK

4 REPLIES 4

Former Member

‎04-25-2012 8:32 AM

0 Kudos

Hi Linda,

I believe the attribute "ethnic origin" is a display attribute for characteristics 0EMPLOYEE and hence visible to all users with access to the characteristics. I think you should change this attribute to a navigational attribute for 0EMPLOYEE and include the same in the infoproviders as auth relevant. This should allow you to independently restrict the navigational attribute via Analysis authorization or filter the same in query designer.

Hope this helps

Sandipan

Message was edited by: Sandipan Choudhury

Former Member
In response to Former Member

‎05-03-2012 6:33 PM

0 Kudos

Sandipan,

After I make 0ETHN_ORIG navigational in 0EMPLOYEE and the info providers with 0EMPLOYEE in them, what is my next step?  Do I create an analysis auth object on 0EMPLOYEE or on 0ETHN_ORIG? 

I think I need to put the ":" in the analysis auth object, because users either get to see all values or not even see the field.  Please help me with the next steps.

thanks,

Linda

Former Member
In response to Former Member

‎05-04-2012 8:52 AM

0 Kudos

Hi Linda,

If you are on BI 7.x, then navigational attribute of  0ETHN_ORIG on 0EMPLOYEE will look like 0EMPLOYEE_0ETHN_ORIG, which is a separate entity altogether and you can use them in your analysis authorization just as any other auth relevant characteristics restricted to the required values.

Please make sure that in your navigational attribute, 0ETHN_ORIG is made auth relevant (mandatory) otherwise the nav attribute will malfunction.

Should you have any questions, please do let me know.

Thanks

Sandipan

Message was edited by: Sandipan Choudhury

Former Member
In response to Former Member

‎01-08-2014 5:37 AM

0 Kudos

Hi Linda,

I have the same issue now and just wondering if the issue was fixed?

could you please share your solution? thanks

Regards

Jia