Author Topic: Row level authentication  (Read 290 times)

Offline Nikhil Shenoy

  • Full Member
  • ***
  • Join Date: Sep 2017
  • Posts: 37
  • Forum Citizenship: +0/-0
Row level authentication
« on: 16 Jan 2018 10:39:59 pm »
Hi,

Currently I need to develop a landing page in Cognos 11.0.6 which will be linked to various saved Cognos reports/dashboards.
The scenario is that each employee should be able to see only those line items (in the saved reports) which are relevant to him based on some column identification. The saved reports/dashboards would be built on excel uploads too.
Is there any way by which we can build row level authentication in such a scenario?

Offline CognosPaul

  • Global Moderator
  • Statesman
  • *****
  • Join Date: Jan 2009
  • Posts: 1,619
  • Forum Citizenship: +249/-1
    • Paul's Cognos Blog
Re: Row level authentication
« Reply #1 on: 16 Jan 2018 10:56:31 pm »
There are a few ways of doing it.

Take a look at the macro functions, such as CSVIdentityName, and the session parameters. Between these you have a way to access the username, email, and any AD/Cognos groups and roles the user is associated with.

How do you plan on filtering what a user can see? Do you have a table that has username and the org the user is associated with?

Let's say each user has a single department ID. You should have a table that contains username and department. Create a parameter map based off of that. You can then create a filter on each of the metadata tables you need to secure that calls:

Code: [Select]
table.departmentID = #$parameterMap($account.personalInfo.userName)#
You can make it more or less complex as needed.

Offline Nikhil Shenoy

  • Full Member
  • ***
  • Join Date: Sep 2017
  • Posts: 37
  • Forum Citizenship: +0/-0
Re: Row level authentication
« Reply #2 on: 17 Jan 2018 12:31:09 am »
Currently the data set does not have any column which has user ID.
Many users are associated with 1 work group/1 purchase org, that will be available in the datasets.
For eg: 12 employees are working in Workgroup-A & 10 employees are working in Workgroup-B. The dataset will be having column with workgroup detail. Can we create authentication based on this?

Offline CognosPaul

  • Global Moderator
  • Statesman
  • *****
  • Join Date: Jan 2009
  • Posts: 1,619
  • Forum Citizenship: +249/-1
    • Paul's Cognos Blog
Re: Row level authentication
« Reply #3 on: 18 Jan 2018 10:14:29 am »
Do the users have the associations defined in AD groups?

Check out the macro function CSVIdentityNameList. It returns the nice name of all of the groups and roles associated with the user in a nice comma separated list.

Code: [Select]
#
sq(join(',',
grep('Users',
split('||',CSVIdentityNameList('||'))
)
))
#

In the above code it returns all of the groups, splits them into an array, finds all of the elements containing "Users", and returns a csv that you could use to filter on.

Code: [Select]
[Namespace].[Table].[Field] in (
#
join(',',
grep('Users',
split('||',CSVIdentityNameList('||'))
)
)
#)

Offline Nikhil Shenoy

  • Full Member
  • ***
  • Join Date: Sep 2017
  • Posts: 37
  • Forum Citizenship: +0/-0
Re: Row level authentication
« Reply #4 on: 24 Jan 2018 12:08:58 am »
Thanks! :D

 


       
Twittear