Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
.png "Former Employee"){kind=icon}
Basically it is pretty much exactly like described in the blog post.
First, maintain the authorization table using generic symbols, like
Then load it like described in the blog post. You need to create a composite key of Product and Country from the table where these two exist, most likely the most detailed fact table.
HIC
After a long time, I would like to come back to this topic again.
My problem is, that the section access is working, but only with a dirty workaround. I solved the problem by giving my own admin user rights for each and every entry in the access table, too, instead of using <VIEW_ALL> or <ANY>.
So the table looks like
User PARTY_ID TERRITORY_ID
A 1 a
A 2 a
B 2 b
C 2 b
C 2 c
(me) 1 a
(me) 2 b
(me) 2 c
Also, my data model does not look like the ones I saw here in the community. I have two reducing fields, but the data that is connected to those reducing fields are not connected. Hope that this is understandable.
So there are two bridge tables from the SECTION_ACCESS table to the data model, one for each part of the application. The data for each part is not connected, so the user either works on one sheet of the application with PARTY_ID related data or on another sheet of the application with TERRITORY_ID related data.
Question is now, how can I set up the section access correctly, so that my admin user does not need access to each and every single entry in the section access? Please be aware that a user can have access to e.g. 18 PARTY_IDs and only 2 TERRITORY_IDs.
Thanks.
I'm still having issues with the section access. I received a ticket that a user can only see 200 instead of 600 parties. As I still needed to redesign the SA, I did the following:
I removed both VIEW_ALL_TABLES that served as a bridge between SA and data.
That is the SA relevant code:
party_tmp:
LOAD
num#(PARTY_ID) as PARTY_ID
FROM ..\QVD\customers.qvd (qvd);
territory_tmp:
LOAD
TerritoryId as TERRITORY_ID
FROM ..\QVD\territory.qvd (qvd);
SECTION_ACCESS:
LOAD * INLINE [
ACCESS,NTNAME,PARTY_ID, TERRITORY_ID
ADMIN,DOMAIN\FUNC.QVTISE, *, *
ADMIN,DOMAIN\NAME1, *, *
ADMIN,DOMAIN\NAME2, *, *
....
];
concatenate(SECTION_ACCESS)
load distinct
if ([PARTY_ID_all]=1,'ADMIN','USER') as ACCESS,
NTNAME,
if ([PARTY_ID_all]=1,'*',num#(PARTY_ID)) as PARTY_ID,
if ([PARTY_ID_all]=1,'*',UPPER(TerritoryId)) as TERRITORY_ID
FROM ..\QVD\ACCESS_TABLE.qvd (qvd)
where NTNAME<>'*';
Trace Write SectionAccess;
section access;
LOAD
UPPER(ACCESS) as ACCESS,
UPPER(NTNAME) as NTNAME,
PARTY_ID,
UPPER(TERRITORY_ID) as TERRITORY_ID
resident SECTION_ACCESS;
section application;
drop table party_tmp;
drop table territory_tmp;
That is how it looks like (excerpt)
| ACCESS | NTNAME | PARTY_ID | TERRITORY_ID |
| ADMIN | DOMAIN\VIEW_USER@COMPANY.COM | * | * |
| ADMIN | DOMAIN\FUNC.QVTISE | * | * |
| USER | DOMAIN\USER@COMPANY.COM | 5323183 | 23TD00000000FLVMA4 |
| USER | DOMAIN\USER@COMPANY.COM | 5323186 | 23TD00000000FLVMA4 |
| USER | DOMAIN\USER@COMPANY.COM | 5323187 | 23TD00000000FLVMA4 |
| USER | DOMAIN\USER@COMPANY.COM | 5323188 | 23TD00000000FLVMA4 |
| USER | DOMAIN\USER@COMPANY.COM | 5323189 | 23TD00000000FLVMA4 |
| USER | DOMAIN\USER@COMPANY.COM | 5323199 | 23TD00000000FLVMA4 |
| USER | DOMAIN\USER@COMPANY.COM | 5323204 | 23TD00000000FLVMA4 |
Data model change:
New issue is now, that when I reload via MMC, the ADMIN users are locked out the document, normal users can access it. What might be the issue?
Thanks,
Jens