Data Security Profiles are a group of settings that define security on the data foundation and the data connections. Data Security Profiles can be defined for relational universes only.
Data Security Profile Connection Settings
Use the Data Security Profile Connections setting to define replacement connections that can override the connections defined in the universe. When a user with a profile containing a replacement connection runs a query on the universe, the replacement connection is used. Only secured connections can be defined as replacement connections. The replacement connection must be of the same type as the original connection. Relational connections fall into one of the following three types:
SAP BW relational databases
SAS relational databases
Other relational databases
Data Security Profile Controls Settings
Use the Data Security Profile Controls settings to define replacement query limits that override the default limits when retrieving data from the database. Default query limits are set by the universe designer in the business layer. When a user with a profile with replacement Controls settings runs a query, the replacement limits are used instead of the limits defined in the business layer properties.
In the editor for Data Security Profiles, the limits selected and the limit values defined in the business layer are displayed. When you select or deselect a limit, or enter a new value for a limit, the label appearance changes to bold. This bolding shows that the limit is an override and not the default limit defined in the universe.
The following table lists Data Security Profile Controls settings:
Data Security Profile Controls Settings
Query Limit | Possible values |
Limit size of result set to |
|
Limit execution time to |
|
Warn if cost estimate exceeds |
|
Data Security Profile SQL Settings
Use the Data Security Profile SQL settings to define replacement query options. When a user with an assigned or inherited profile with SQL settings uses the query panel, the replacement options are used instead of the query options defined in the universe.
Data Security Profile Controls Settings
Query Option | Possible values |
Allow use of subqueries |
|
Allow use of union, intersect, and minus operators |
|
Allow complex operands in Query Panel |
|
Multiple SQL statements for each context |
|
Multiple SQL statements for each measure |
|
Allow Cartesian products |
|
When you make any changes from the default settings, the label appearance changes to bold. This bolding shows that the limit is an override and not the default limit defined in the universe.
Data Security Profile Rows Settings
Use Data Security Profile Rows settings to restrict the rows returned in a query. You restrict the rows by defining an SQL WHERE clause for a specified table. When a user with an assigned or inherited profile with a Rows setting runs a query that selects from the table defined in the WHERE clause, the defined WHERE clause is added to the SQL generated.
Note
A user who has the right to edit the generated SQL in the reporting tool, can change the WHERE clause generated by the Rows setting. Remember to manage the rights of the user in the reporting tool, to prevent the user from modifying the SQL.
The SQL for the WHERE clause cannot include:
Calculated columns
Derived tables
Data Security Profile Tables Settings
Use the Data Security Profile Tables setting to define replacement tables. When a user with an assigned or inherited profile that has a Tables setting runs a query that references the original table, the replacement table is used instead.
Note
A user who has the right to edit the generated SQL in the reporting tool can change the replacement table name. Remember to manage the rights of the user in the reporting tool to prevent the user from modifying the SQL.
You can replace a standard table in the data foundation with a database table in the connection defined for the universe or another standard table in the data foundation.
Note
You can specify an owner and qualifier for the replacement table by entering the details in the fields provided. Do not enter the details as part of the table name.