Previous Page | Next Page

BI Row-Level Permissions

About BI Row-Level Permissions

BI row-level permissions limit access to SAS data and third-party relational data when it is accessed through an information map. The initials BI indicate that this is a business intelligence feature. BI row-level permissions are defined in information maps, mediated and enforced by SAS Intelligent Query Services, and surfaced when reports are viewed in applications such as SAS Web Report Studio.

CAUTION:
BI row-level permissions are defined within information maps, so these constraints do not provide comprehensive security for the underlying data sources. A user who accesses the data directly is not subject to the filters that are defined within information maps.

BI row-level permissions provide filtering whenever a SAS data set or third-party relational data is accessed through an information map. However, comprehensive security that incorporates this filtering requires a high-security configuration of SAS Web Report Studio. See Preliminary Tasks.  [cautionend]

The following figure depicts how BI row-level permissions are incorporated when a report is generated. In the figure, a user requests access to a report that includes data for which row-level permissions have been defined dynamically. See Identity-Driven Properties. For each step of the report-generation process, the figure depicts the access control activities in the metadata layer.

Report-Generation Process

[Report-Generation Process]

The overall flow is the same as for any other report: the report definition and underlying information map are processed, a query is generated to retrieve the data, and the report is displayed. These are the row-level security aspects of the process:

See Also

Fine-Grained Controls for Data

Filtering Techniques for BI Row-Level Permissions

How to Implement BI Row-Level Permissions

Previous Page | Next Page | Top of Page