Report Generation Process
The following figure depicts
how BI row-level permissions are incorporated when a report is generated.
In the figure, a user requests access to a report that includes data
for which row-level permissions have been defined dynamically. For
each step of the report-generation process, the figure depicts the
access control activities in the metadata layer.
The overall flow is
the same as for any other report: the report definition and underlying
information map are processed, a query is generated to retrieve the
data, and the report is displayed. These are the row-level aspects
of the process:
-
The information map includes a filter that is assigned to a particular metadata identity. This example uses an identity-driven property in a filter that is based on each group member's employee ID. The filter is assigned to a group to which Joe belongs. At run time, SAS Intelligent Query Services uses information from the metadata repository to substitute Joe's employee ID into the filter. The resolved, user-specific form of the filter is incorporated into the generated query. The filter is used to screen the target table before the rest of the generated query runs.
-
The target data includes information that corresponds to the filter. In this example, the corresponding information consists of user-specific employee ID values in the EmpID column within the Orders table. The data server uses these values to filter the data as specified in the query that was generated by SAS Intelligent Query Services.