Chapter Contents

Previous

Next

Controlling Access to Data

Controlling Access to Your Applications' Data

You can define data access restrictions for groups of users on each existing metabase registration. For each combination of group and registration, you can do the following:

• deny access to the entire table

• drop or keep hierarchies

• drop or keep ANALYSIS/COMPUTED columns

• hide ANALYSIS columns

• drop or keep CATEGORY columns

• drop or keep hierarchy levels

• set initial drill levels

• drop or keep statistics for individual ANALYSIS/COMPUTED columns

• drop or keep data values and totals

• hide the special Total value

• hide or show data values

• define initial drill subsets

Below are some guidelines to follow when you assign access using the Drop, Keep, and Hide tags in your access lists.

• Drop columns or hierarchies to remove them from any reports and selection windows for the users in the selected group. Keep columns or hierarchies to display only those in any reports or selections windows.

• Drop data values to remove them from the report and any selection windows. The dropped data values will not be included in the summarization process. Keep data values to make sure only the selected data values are being used in the report, even if data values are being added to the database. Although you can define a mix of Drop and Keep tags, the Keep tags will always take precedence over the Drop tags.

• Hide ANALYSIS columns to remove them from reports and selection windows, but have them available internally as input to COMPUTED columns.

• Hide data values and the special Total values to remove values from the report and any selection lists but include them in the summarization process.

• Set Initial hierarchy levels and data values to define an initial drill status.

Removing Columns from Your Applications

You can use access control to dynamically remove columns from users' reports. Reports built using columns that are denied for a given group of users will not display those columns when a user of that group runs the report. Also, when users build reports using a restricted metabase registration, the columns denied to them will not be available for selection.

Before you begin

1. Make sure that the data used in your applications is available in your session. Data access control restrictions are assigned to metabase registrations. Make sure that you assign your access control definitions to the same registrations used in your applications.

2. Activate access control.

Then, follow these steps:

1. Open the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional Applications group. When you are prompted to do so, type the access control key.

2. In the Access Control Setup window, select Access Control List Definition and Data Access Control.

3. In the Data Access Control Definition window, select a group and a metabase registration. Then, select column names in the Dimensions list box and use either the pop-up menu or from the menu bar select

   Actions

   Set Dimension Tag

   to complete one of the following tasks:

   • drop or keep CATEGORY columns. Removing CATEGORY columns also removes them from any hierarchies to which they belong.

   • drop or keep ANALYSIS/COMPUTED columns. You might want to remove an ANALYSIS column from the report but still have it available as part of a COMPUTED column. To do this, select Hide instead of Drop. The Hide tag prevents the user from seeing or selecting the column, but the column is still available for calculating COMPUTED columns.

   • drop or keep statistics for individual ANALYSIS/COMPUTED columns. For each analysis column, you can select the set of statistics to be made available to users.

   • drop or keep hierarchies. The CATEGORY variables that make up a hierarchy are still available to users for display and selection.

   • drop or keep hierarchy levels. The CATEGORY variable that makes up a hierarchy level is still available to users for display and selection.

   

Note:   Dropping a column removes it from the reports. Keeping columns removes from the reports all columns except those tagged with the Keep tag. Although you can define a combination of Drop and Keep tags in an access list, Keep tags always have precedence over Drop tags.  

Subsetting Data for Your Applications

You can use access control to exclude data from the reports for groups of users.

Before you begin

1. Make sure that the data used in your applications is available in your session. Data access control restrictions are assigned to metabase registrations. Make sure that you assign your access control definitions to the same registrations used in your applications.

2. Activate access control.

Then, follow these steps:

1. Open the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional Applications group. When prompted, type the access control key.

2. In the Access Control Setup window, select Access Control List Definition and Data Access Control.

3. In the Data Access Control Definition window, select a group and a metabase registration. In the Dimensions list box, select the name of a CATEGORY data column. To populate the Levels list with the unique data value of that column, either double-click on the column name or from the menu bar select

   Actions

   Display Levels

   In the Levels list, select any data values and use the pop-up menu or select from the menu bar

   Actions

   Set Level Tag

   to choose a Drop or Keep tag for the selected data values.

   

Note:   Use Drop to remove a value from the report. Use Keep to make sure that only those values tagged with Keep for the selected CATEGORY variable are included in the report. Although you can define a mix of Drop and Keep tags, the Keep tags always take precedence over the Drop tags.  

Removing Data from Reports without Subsetting

You might want to prevent users from seeing certain detail values while allowing them to see the overall numbers in a report. You can use the access control's Hide and Show tags to remove data values from your report's display while including the values in the summarization process.

Before you begin

1. Make sure that the data used in your applications is available in your session. Data access control restrictions are assigned to metabase registrations. Make sure that you assign your access control definitions to the same registrations used in your applications.

2. Activate access control.

Then, follow these steps:

1. Open the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional Applications group. When prompted, type the access control key.

2. In the Access Control Setup window, select Access Control List Definition and Data Access Control.

3. In the Data Access Control Definition window, select a group and a metabase registration. In the Dimensions list box, select the name of any CATEGORY data column. Use Hide to remove a value from the display. Use Show to make sure that only those values tagged with Show for the selected CATEGORY variable are shown in the report In the Dimensions list box, select the name of any CATEGORY data column. To populate the Levels list box with the unique data value of that column, either double-click on the column name or from the menu bar select

   Actions

   Display Levels

   In the Levels list box, select any data values, and use the pop-up menu or from the menu bar select

   Actions

   Set Level Tag

   to choose a Hide or Show tag for the selected data areas.

   

Note:   Although you can define a combination of Hide and Show tags, the Show tags always take precedence.   

You can also hide the special Total value. Typically, you might want to avoid showing a total row or column in tables with hidden values because the total that is displayed does not represent the total of the data values displayed.

Setting Initial Drill Levels for Your Applications

You can use access control to set initial drill levels for groups of users. You can control the view of the data that users have when they first enter their application. At any time, a user can navigate up or sideways from an initial drill level.

Before you begin

1. Make sure that the data used in your applications is available in your session. Data access control restrictions are assigned to metabase registrations. Make sure that you assign your access control definitions to the same registrations used in your applications.

2. Activate access control.

Then, follow these steps:

1. Open the Access Control Setup window by selecting Setup from the EIS Main Menu and Access Control from the Setup window's Multidimensional Applications group. When prompted, type the access control key.

2. In the Access Control Setup window, select Access Control List Definition and Data Access Control.

3. In the Data Access Control Definition window, select a group and a metabase registration.

   You can define which hierarchy level to display first when a user opens a report. To set an initial hierarchy level, follow these steps

   1. In the Dimensions list box, select the name of a hierarchy. To display the hierarchy level in the Levels list box, either double-click on the hierarchy's name, or from the menu bar select

      Actions

      Display Levels

   2. In the Levels list box, select a hierarchy level and use either the pop-up menu or from the menu bar select

      Actions

      Set Level Tag

      to place the Initial tag on the item.

      

      Note that the initial hierarchy levels will be picked up only by hierarchies that are displayed as a user opens a report.

   You can also define the subset to be applied as a user first opens a report. The initial subset is not permanently applied and can be removed by the user when navigating the report. To set an initial subset, follow these steps

   1. In the Dimensions list box, select the name of a CATEGORY column.

   2. To display the data values in the Levels list box, either double-click on the column's name, or from the menu bar select

      Actions

      Display Levels

   3. In the Levels list box, select data values and use either the pop-up menu or from the menu bar select

      Actions

      Set Level Tag

      to place the Initial tag on the items.

Chapter Contents

Previous

Next

Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.