SAS/EIS Software: Administrator's Guide |
|
Controlling Access to Your Applications' Data |
You
can define data access restrictions for groups of users on each existing
metabase registration. For each combination of group and registration, you
can do the following:
- deny access to the entire table
- drop or keep hierarchies
- drop or keep ANALYSIS/COMPUTED
columns
- hide ANALYSIS columns
- drop or keep CATEGORY columns
- drop or keep hierarchy levels
- set
initial drill levels
- drop or keep statistics for individual ANALYSIS/COMPUTED columns
- drop or keep data values and
totals
- hide the special Total value
- hide or show data values
- define initial drill
subsets
Below are some guidelines to follow when
you assign access using the Drop, Keep, and Hide tags in your access lists.
- Drop columns or hierarchies to remove them from any reports and
selection windows for the users in the selected group. Keep columns or hierarchies
to display only those in any reports or selections windows.
- Drop data values to remove them from the report and any selection
windows. The dropped data values will not be included in the summarization
process. Keep data values to make sure only the selected data values are
being used in the report, even if data values are being added to the database.
Although you can define a mix of Drop and Keep tags, the Keep tags will
always take precedence over the Drop tags.
- Hide ANALYSIS columns to remove them from reports and selection
windows, but have them available internally as input to COMPUTED columns.
- Hide data values and the special Total values to remove values
from the report and any selection lists but include them in the summarization
process.
- Set Initial hierarchy levels and data values to define an initial
drill status.
|
Removing Columns from Your Applications |
You can use access
control to dynamically remove columns from
users' reports. Reports built using columns that are denied for a given group
of users will not display those columns when a user of that group runs the
report. Also, when users build reports using a restricted metabase registration,
the columns denied to them will not be available for selection.
Before you begin
- Make sure that the data used in your applications is available
in your session. Data access control restrictions are assigned to metabase
registrations. Make sure that you assign your access control definitions
to the same registrations used in your applications.
- Activate access control.
Then, follow these steps:
- Open
the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional
Applications group.
When you are prompted to do so, type the access control key.
- In the Access Control Setup window, select Access
Control List Definition and Data Access Control.
- In the Data Access Control Definition window, select a group and
a metabase registration. Then, select column names in the Dimensions list
box and use either the pop-up menu or from the menu bar select
Actions |
|
Set Dimension Tag |
to complete one of the following tasks:
- drop or keep CATEGORY columns. Removing CATEGORY columns also
removes them from any hierarchies to which they belong.
- drop or keep ANALYSIS/COMPUTED columns. You might want to remove
an ANALYSIS column from the report but still have it available as part of
a COMPUTED column. To do this, select Hide instead of Drop. The Hide tag
prevents the user from seeing or selecting the column, but the column is still
available for calculating COMPUTED columns.
- drop or keep statistics for individual ANALYSIS/COMPUTED columns.
For each analysis column, you can select the set of statistics to be made
available to users.
- drop or keep hierarchies. The CATEGORY variables that make up
a hierarchy are still available to users for display and selection.
- drop or keep hierarchy levels. The CATEGORY variable that makes
up a hierarchy level is still available to users for display and
selection.
Note: Dropping a
column removes it from the reports. Keeping columns
removes from the reports all columns except those tagged with the Keep tag.
Although you can define a combination of Drop and Keep tags in an access list,
Keep tags always have precedence over Drop tags.
|
Subsetting Data for Your Applications |
You
can use access control to exclude data from the reports for groups of users.
Before you begin
- Make sure that the data used in your applications is available
in your session. Data access control restrictions are assigned to metabase
registrations. Make sure that you assign your access control definitions to
the same registrations used in your applications.
- Activate access control.
Then, follow these steps:
- Open
the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional
Applications group.
When prompted, type the access control key.
- In the Access Control Setup window, select Access
Control List Definition and Data Access Control.
- In the Data Access Control Definition window, select a group and
a metabase registration. In the Dimensions list box, select the name of
a CATEGORY data column. To populate the Levels
list with the unique data value of that column, either double-click on the
column name or from the menu bar select
Actions |
|
Display Levels |
In the Levels list, select
any data values and use the pop-up menu or select from the menu bar
Actions |
|
Set Level Tag |
to
choose a Drop or Keep tag for the selected data values.
Note: Use
Drop to remove a value from the report. Use
Keep to make sure that only those values tagged with Keep for the selected
CATEGORY variable are included in the report. Although you can define a mix
of Drop and Keep tags, the Keep tags always take precedence over the Drop
tags.
|
Removing Data from Reports without Subsetting |
You might want to prevent users from seeing certain
detail values while allowing them to see the overall numbers in a report.
You can use the access control's Hide and Show tags to remove data values
from your report's display while including the values in the summarization
process.
Before you begin
- Make sure that the data used in your applications is available
in your session. Data access control restrictions are assigned to metabase
registrations. Make sure that you assign your access control definitions to
the same registrations used in your applications.
- Activate access control.
Then, follow these steps:
- Open
the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional
Applications group.
When prompted, type the access control key.
- In the Access Control Setup window, select Access
Control List Definition and Data Access Control.
- In the Data Access Control Definition window, select a group and
a metabase registration. In the Dimensions list box, select the name of any
CATEGORY
data
column. Use Hide to remove a value from the display. Use Show to make sure
that only those values tagged with Show for the selected CATEGORY variable
are shown in the report In the Dimensions list box, select the name of any
CATEGORY data column. To populate the Levels list box with the unique data
value of that column, either double-click on the column name or from the menu
bar select
Actions |
|
Display Levels |
In the Levels list box, select any data values, and use the
pop-up menu or from the menu bar select
Actions |
|
Set Level Tag |
to choose a Hide or Show tag
for the selected data areas.
Note: Although you can define a
combination of Hide and
Show tags, the Show tags always take precedence.
You can also hide the special Total value. Typically, you might want
to avoid showing a total row or column in tables with hidden values because
the total that is displayed does not represent the total of the data values
displayed.
|
Setting Initial Drill Levels for Your Applications |
You
can use access control to set initial drill levels for groups of users. You
can control the view of the data that users have when they first enter their
application. At any time, a user can navigate up or sideways from an initial
drill level.
Before you begin
- Make sure that the data used in your applications is available
in your session. Data access control restrictions are assigned to metabase
registrations. Make sure that you assign your access control definitions to
the same registrations used in your applications.
- Activate access control.
Then, follow these steps:
- Open
the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional
Applications group.
When prompted, type the access control key.
- In the Access Control Setup window, select Access
Control List Definition and Data Access Control.
- In the Data Access Control Definition window, select a group and
a metabase registration.
You can define which hierarchy level to display first when a user opens
a report. To set an initial hierarchy level, follow these steps
- In the Dimensions list box, select the name of a hierarchy. To
display the hierarchy level in the Levels list box, either double-click on
the hierarchy's name, or from the menu bar select
Actions |
|
Display Levels |
- In the Levels list box, select a
hierarchy level and use either
the pop-up menu or from the menu bar select
Actions |
|
Set Level Tag |
to place the Initial
tag on the item.
Note that the initial hierarchy levels will be picked up only by
hierarchies
that are displayed as a user opens a report.
You can also define the subset to be applied as a user first opens a
report. The initial subset is not permanently applied and can be removed by
the user when navigating the report. To set an initial subset, follow these
steps
- In the Dimensions list box, select the name of a CATEGORY column.
- To display the data values in the Levels list box, either double-click
on the column's name, or from the menu bar select
Actions |
|
Display Levels |
- In the Levels list box, select data
values and use either the
pop-up menu or from the menu bar select
Actions |
|
Set Level Tag |
to place the Initial tag
on the items.
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.