Hi Thomas, good morning.
Let me share with you how we are using macros to apply general security in Data Module.
1) We use to create user roles with some business key inside the role name. In one of our projects for instance we use Brazilian city code like below:
prefeitura-3305802_teresopolis is the user role name for users from the city Teresópolis near by Rio.prefeitura means prefecture and identifies that this is a city role
teresopolis is the name of the city and it is here only for visual identification purposes
3305802 is the code itselt that we use in the where sql clause
2) We use a general user role for all users of this application that is used by Cognos to apply the security macro for city users only.
3) We put an expression as security filter that combines fact city key (SK_MUNICIPIO) and the user roles, extracting the city code from the user role. Like below:
SK_MUNICIPIO in (#join(';', substitute("prefeitura-", '',substitute('''', '', substitute('''', '', array('9999999999', grep('''prefeitura-', array(split( '_' , array(split(',', CSVIdentityNameList(',') + '$'))))))))))#)
4) And the magic is done.
5) But Cognos was duplicating this macro several times impacting overall performance. Now we know the reason and that problem will be solved when we upgrade for new releases.
Hope this technique help you in your future projects.
------------------------------
Jorge Moura
------------------------------
Original Message:
Sent: Wed June 09, 2021 04:38 AM
From: Thomas van der Meer
Subject: Data security - Data Module
Hi Ian, Jorge,
I never knew that reloading the metadata was the cause of duplication of filters. Glad I know this now and that this bug is fixed. I only have to manually delete the duplicates one more time.
@Jorge Just curious how you use a single macro based on user roles to apply security to your secured tables.
In Framework Manager you can use parametermaps, but in Data modules they don't exist. So you can not use the function:
CSVIdentityName ( %parameter_map_name )
------------------------------
Thomas van der Meer
Original Message:
Sent: Tue June 08, 2021 06:00 PM
From: Jorge Moura
Subject: Data security - Data Module
Hi Ian,
Today we took a more detail look to this issue and we found out that security entries are duplicated every time we reload metadata and your post confirmed our observations.
As we use a single macro based on user roles to apply security to our secured tables (around 50 are secured) it will not be a very hard work to delete duplications manually every time we need to reload.
But tomorrow we will test the workaround you suggested: clear and reload.
Tks a lot for your post.
------------------------------
Jorge Moura
Original Message:
Sent: Tue June 08, 2021 01:17 PM
From: IAN HENDERSON
Subject: Data security - Data Module
I would like to confirm my understanding about what actions you performed prior to your observation of the duplicated security filters.
There was a bug in 11.1.x, which was fixed in 11.1.4, in which the security filters would be duplicated if you reloaded the metadata of the schema. There is a manual step of removing the duplicated security filters which needs to be performed. Interestingly, if you cleared the schema's metadata and then reloaded the security filters would not be duplicated.
I have not been able to find any other defect where the behaviour you are observing happens.
Keep in mind that security filters are built into the metadata and reloading the metadata will cause the security filters to be removed. There is a message to that effect when you try to do that.
------------------------------
IAN HENDERSON
Original Message:
Sent: Tue June 08, 2021 09:23 AM
From: Thomas van der Meer
Subject: Data security - Data Module
Hi Jorge,
I also experienced this behavior in version 11.1.2. I did not find a solution. Now we have upgraded to 11.2.0. When I open the datamodule I still see duplicates.
Be also aware that if multiple filters are applied, the filters used will have an AND condition.
------------------------------
Thomas van der Meer
Original Message:
Sent: Mon June 07, 2021 07:43 PM
From: Jorge Moura
Subject: Data security - Data Module
Hi Everyone,
We are implementing data security in Data Module. We are doing that at Data Source level by adding users roles and respective data filter for each role.
But Cognos for some reason that we aren´t able to explain is duplicating the same Data Security entry several times.
I would like to know if someone has experienced that behavior and what could be the solution.
Our version is 11.1.2 - zLinux (Main Frame).
Tks in advance.
Jorge Nelson
------------------------------
Jorge Moura
Megadata
Brazil
------------------------------
#CognosAnalyticswithWatson