Wednesday, 16 November 2016

Hide an Object (Object Level Security)

At times, hiding an object to users is required. For example, only managers should have access to a certain table. Using data level security/filtering can still prevent viewing the data, but the users can still see the object.
To add object level security, select the object from Framework Manager, open Actions from Menu, and choose Specify Object Security. A pop up window will appear where the object security can be edited.
There are things one need to consider however when using object level security. The first is that when you add object level security, everyone is denied access to the object EVEN SYSTEM ADMINISTRATORS. Those who have access to the objects needs to be explicitly specified.
In this example below, I denied the System Administrators access to table Table2 and gave Everyone access to Table 1.

object_level_security_tables
In Report Studio, even a System Administrator will not be able to access Table2.

report_studio

Please note that if a user belongs to more than 1 role or group, and one of those groups are denied access, the user WILL BE DENIED ACCESS as well. All the groups the user belongs to should have access for a user to gain access to an object with object level security. For any conflicting security access, the deny access will have priority.


No comments:

Post a Comment