To implement the filtering
for this example:
-
Create an information
map that includes the necessary data and relationships.
-
In SAS Information Map
Studio, open a new information map.
-
Insert the target table
and the security associations table as data sources. In this example,
the target table (ORGANIZATION_DIM) contains salary data, and the
security associations table (SECURITY_ASSOC) contains a representation
of the company's reporting relationships.
-
On the
Design tab, add the data items that you need from the ORGANIZATION_DIM
table (insert the SALARY, EMPLOYEE_ID, and EMPLOYEE_NAME columns).
Note: It is a good practice to
not create any data items from the SECURITY_ASSOC table.
-
On the
Relationships tab, join the two tables on EMPLOYEE_ID.
-
Save the new information
map to an appropriate folder.
-
To make SECURITY_ASSOC
a required table, select
EditPropertiesInformation Map. In the
Information Map Properties dialog box, select the
Required Tables tab.
In the
Available tables list, select the
SECURITY_ASSOC table. Use the arrow button to move the table to the
Required tables list, and then click
OK.
-
Create a filter that
subsets data by comparing each user's SAS.PersonName value to the
PARENT_EMPLOYEE_NAME values in the security associations table.
-
Select
InsertNew Filter to open the
New Filter dialog
box.
-
Enter a name such as
byPersonName
for the filter, and then click
Edit Data Item.
-
In the
Edit
Expression dialog box, select
Character
from the
Type drop-down list. On the
Data Sources tab, navigate to
Physical DataSECURITY_ASSOCPARENT_EMPLOYEE_NAME, and then
click
Add to Expression.
-
Click
Validate
Expression, and then click
OK twice.
-
In the
New
Filter dialog box, from the
Enter value(s) drop-down list, select
Derive identity values (for row-level
permissions). A table of identity-driven properties becomes
available.
Note: Make sure that the value
in the
Condition drop-down list is
Is equal to.
-
In the table of properties,
select the SAS.PersonName row.
-
Click
OK. The byPersonName filter is now available for use in the information
map.
-
Assign the filter as
a general prefilter:
-
Select
EditPropertiesInformation Map.
-
In the
Information
Map Properties dialog box, select the
General
Prefilters tab.
-
In the
Selected
filters box, select the SECURITY_ASSOCIATIONS table.
-
In the
Available
filters box, select the byPersonName filter.
-
Click the right arrow
button to assign the byPersonName filter to the SECURITY_ASSOC table,
and then click
OK.
-
Save the information
map.
Administrators can test
by logging on to SAS Information Map Studio and running test queries.
To verify that the filter is working as expected, log on using different
accounts. For example:
-
For a user who is not included
in the security associations table, no salaries should be retrieved.
-
For the president of the company,
all salaries should be retrieved. Note that by default only 100 rows
of data are returned when you test an information map.
-
For a mid-level manager, a subset
of salaries should be retrieved.
To run a test query
from within SAS Information Map Studio:
-
Select
ToolsRun a Test Query from the main menu.
-
In the
Test
the Information Map dialog box, use the arrow button
to add the
Salary and
Employee
Name items to the
Selected items box.
-
Click
Run
Test and then examine the data in the
Results dialog box.
-
To test using another
account, close the information map, and then select
FileConnection Profile from the main menu.
Note: In the secure configuration,
final verification must be performed from within SAS Web Report Studio.