To determines who has the ability to view data and objects, you can combine several parameters configuration on different security levels:
- Object Security: business logic security (repository) and catalog object security (presentation service),
- Data Security: column (include in the business logic security) and row security (through repository filter dependent of the login)
The security process is made up of two sub-process:
- authentication of the user. Is the user the right person ?
- authorization of the user. Has the user the right to:
- see this object (Object Permission on column, reports, …),
- see this data (Data Permission),
- perform this actions (Application Permission).
The security management in OBIEE is based on the use of this three variables :
Variable by security process:
|Object Authorization (and filter restriction)||x||x||x|
Variables are used to set up filters in the context of data security (in the repository).
More … OBIEE 11G - Security