Assumptions and Data Model

This example demonstrates how a company could use row-level permissions to manage access to employee data. The example includes these assumptions:
  • The target tables are registered in the metadata repository.
  • Except where otherwise noted, users have Read permission for the information maps that they are using.
  • The data model is a star schema that contains employee and customer data. The security associations table includes both direct and indirect reporting relationships.
  • The company has set up the secure configuration. See Secure Environment for BI Row-Level Permissions.
In this example, the business requirement is to enable managers to see salary information for their employees. One way to meet this requirement is to use the SAS.PersonName property. The following figure depicts this process for a requesting user who is a high-level manager in the organization.
Salary Example: Data Model
Salary Example: Data Model
Each requesting user's PersonName is used to filter the security associations table. This yields a subset that includes only those rows with employees who report (directly or indirectly) to the requesting user. That subset is inner joined to the target table to limit retrieval of salary information.
Copyright © SAS Institute Inc. All rights reserved.