BI Row-Level Permissions
To ensure that target data is prescreened by a filter before any other criteria are applied, incorporate that filter into an information map as a prefilter. Use one of these methods:
- To use a filter as an authorization-based prefilter, assign it to users or groups as part of an information map's access controls. The filter is evaluated as a permission condition. See Authorization Decisions.
- To use a filter as a general prefilter, attach it to an information map as part of the information map's properties. The filter applies to everyone. The filter functions as an additional restriction and operates independently of any access controls that might grant broader access.
Both methods support dynamic filters. See Identity-Driven Properties.
Filter | Method | Typical Usage |
---|---|---|
Identity-driven | Authorization-based | Per-person access distinctions for every member of a particular group. You create one identity-driven filter and assign it to a group. For example, each user in GroupA can see his or her own salary information. |
Identity-driven | General | Per-person access distinctions for everyone. You create one identity-driven filter and attach it directly to the information map (not to any particular user or group). For example, everyone can see his or her own salary information. |
Static | Authorization-based | A few distinct subsets. You create a different filter for each subset and assign each filter to a different group. For example, each user in GroupA can see sales totals for the West region; each user in GroupB can see sales totals for the East region. |
Static | General | One fixed subset for everyone. This is not a row-level method because it does not yield different results for different users. For example, everyone can see global sales totals. |
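
The four combinations in the table, modeled as SQL WHERE conditions over an in-memory SQLite table. This is an added example, not SAS code or the product's implementation. The table, users, groups, and the `:identity` placeholder are constructed for illustration, and the unconditional grant for the Admins group is an assumption.

```python
import sqlite3

# Constructed sample data; the table, users and groups are hypothetical.
ROWS = [("ann", "West", 100, 2011),
        ("bob", "East", 200, 2011),
        ("cat", "West", 300, 2010)]
GROUP_OF = {"ann": "GroupA", "bob": "GroupB", "cat": "Admins"}

# Authorization-based prefilters: one condition per group.
# None models an unconditional grant (assumption made for this example).
STATIC_BY_GROUP = {"GroupA": "region = 'West'",
                   "GroupB": "region = 'East'",
                   "Admins": None}
IDENTITY_BY_GROUP = {"GroupA": "owner = :identity",
                     "GroupB": "owner = :identity",
                     "Admins": None}


def visible_owners(user, group_filters, general_prefilter=None):
    """Owners of the rows `user` can see.

    The general prefilter applies to everyone and is ANDed with whatever
    condition the user's group carries, so it restricts even a user whose
    access controls grant broader access.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sales (owner TEXT, region TEXT, total INT, year INT)")
    db.executemany("INSERT INTO sales VALUES (?, ?, ?, ?)", ROWS)
    # Filter text is administrator-authored configuration, not user input.
    conditions = [c for c in (general_prefilter, group_filters[GROUP_OF[user]]) if c]
    where = " AND ".join(f"({c})" for c in conditions) or "1 = 1"
    sql = f"SELECT owner FROM sales WHERE {where} ORDER BY owner"
    # The identity is bound as a parameter at query time, never spliced in.
    params = {"identity": user} if ":identity" in sql else {}
    result = [row[0] for row in db.execute(sql, params)]
    db.close()
    return result


if __name__ == "__main__":
    print(visible_owners("ann", STATIC_BY_GROUP))                       # static, authorization-based
    print(visible_owners("ann", IDENTITY_BY_GROUP))                     # identity-driven, authorization-based
    print(visible_owners("cat", IDENTITY_BY_GROUP, "owner = :identity"))  # identity-driven, general
    print(visible_owners("cat", STATIC_BY_GROUP, "year = 2011"))        # static, general
```
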
See Also
BI Row-Level Permissions, Identity-Driven Properties, and Missing Values
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.