❓Follow-up with Security Filters and Refers "To"
A coupe of week ago, I post this (also ticket 00095180 )
However now that the 17 novembre patch fixed the issue we finally resume testing on the security again. While the patch improved on the situation we have one edge case that seems strange : when a user end up with no value in the entity Etablissement in his security since there is no value in the cube for him in the security filter as shown bellow.
Then in that case the user is still be able to see the value at a consolidate level if there is a selection directly set into the layout and it is set using a "TO".
In this case, it's less of an issue than before, as I can add a dummy Etablissement and calculate the security for it, but it seems strange to me as behavior as some with 0 sees more data (in this case the whole group) than some with 1 Etablissement .
And it seems strange to have to go through extra steps every time you do filters security to check for that case and add dummy members.
I asked support about it and they mention that "When utilizing a cube for security settings, it is imperative that the cube contains values. you cannot have a selection with zero elements. To maintain the effectiveness of your security measures, we kindly request that you review and update your cube configurations to ensure that each selection within the cube contains valid and appropriate values. "
So like last time, I found it would be useful to share the information with fellow members of the community. And also get your opinion about it!
Answers
-
@Nicolas CHIGROS, Thank you for sharing this information.
So if I understand it correctly, you need to think of all scenarios a User will do selections, because if they end up with 0 selections in an Entity that is Security based, the User will see all data on higher level?
Let's say you have access to one Establissement, and there's data presented on the screen, for that Establissement, the Security will work.
But if you do selection on a Month, and that Month does not contain data for you Establissement, then you can see data on all other Establissement for that Month?0 -
@Samir Jones, no :)
Sorry my explanation wasn't clear.
My customer process is :
- User is created in the Subscription Hubs.
- Subscription Hubs "Sync to data models" the Users and server Roles
- Administrator of the application go into a screen and check "Etablissement" that the user has access to.
Cube at step 3 has 2 dimensions Users and Etablissement and is use in the security filters.
But If you stop at step two for some reason and the user login into the server you get the result I was talking about, he can't see Etablissement values. But any layout with a "TO" in layout selection display group data.
I hope it's clearer this time :D
0 -
@Nicolas CHIGROS, thank you for the clarification. :-)
1