BookmarkSubscribeRSS Feed
alexandros
Fluorite | Level 6

Hello community,

 

My problem is that i actually want to make a row level authentication in a shared report with guest access enabled by passing parameters in url.

I will try to explain my problem in detail :

I have a Report in SAS Viya, in which I have a filter for different customers (filter-object:customerid). I have a parameter(cusid) for this object which actually filters that filter. Now I want to share this report as embedded using guest access. I have managed to pass the parameter in url so depending the customer that view the report I filter what he/she can see. My problem is that any customer that has access to this report can change the filter in the report , so can see info from another customer. Is there any way to prevent any user from changing the filter-object in the report? Can I hide the filter object ? Can I use the parameter that I have made (cusid) in the data source as a filter through environment manager?

2 REPLIES 2
Patrick
Opal | Level 21

The way I understand things:

Guest access means that you don't know the user (anonymous) and though you can't separate such users into groups (companies). 

You could consider to create a user/group per customer and share this info with them. In doing so you then could secure your data server side. Example here

alexandros
Fluorite | Level 6

Dear Patrick,

 

Thank you for your answer. Let me explain a little bit more my case:

The SAS Report is embedded in another web page. In this parent page the users log in with their credentials without AD. They have to see the report without log in again in SAS. Because we have not find a way to authenticate them in SAS we have enabled guest access for the Report. So even if we know what data to share with each user (from their credentials in the parent page) we don't know how to pass this info in SAS. By using a filter with each customer's id(which is different from their id that they use to log in) we filter the data and we pass this id as a parameter to the shared url of the SAS report. Now we just want to prevent end users from changing the id (Drop-down list object) in the report, in order to prevent them to have access in other customers data. I don't know if it is possible through SAS or if we have to find another way to resolve this problem.

sas-innovate-2024.png

Available on demand!

Missed SAS Innovate Las Vegas? Watch all the action for free! View the keynotes, general sessions and 22 breakouts on demand.

 

Register now!

Mastering the WHERE Clause in PROC SQL

SAS' Charu Shankar shares her PROC SQL expertise by showing you how to master the WHERE clause using real winter weather data.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • 369 views
  • 0 likes
  • 2 in conversation