Preliminary Tasks

  1. If you need comprehensive security, set up the secure configuration. See Secure Environment for BI Row-Level Permissions.
  2. Make sure that appropriate table-level and information map-level controls are in place in the metadata layer.
    Coarse-Grained Controls

    | Access    | Target Table             | Information Map          |
    |-----------|--------------------------|--------------------------|
    | All rows  | Grant Read, ReadMetadata | Grant Read, ReadMetadata |
    | No rows   | Deny Read, ReadMetadata  | Grant Read, ReadMetadata |
    | Some rows | Grant Read, ReadMetadata | Grant Read, ReadMetadata |

    Note: The grants for the "No rows" users are necessary only if those users access other tables through the information map.
  3. Plan how you will create the data subsets that will narrow access for each user. Your choice will be affected by the number and type of access distinctions that you are making, the information that your data already contains, and your plans for enhancing your existing data to support row-level filtering.
    Note: In a situation in which multiple filters (multiple distinct permission conditions) apply to a particular user as a result of the user's group memberships, the subset of data that is available to that user is determined by identity precedence. See Precedence Considerations.