cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
alexandros
Fluorite | Level 6 alexandros
Fluorite | Level 6

Row level authentication in Guest access

Posted 01-25-2020 04:25 AM (381 views)

Hello community,

 

My problem is that i actually want to make a row level authentication in a shared report with guest access enabled by passing parameters in url.

I will try to explain my problem in detail :

I have a Report in SAS Viya, in which I have a filter for different customers (filter-object:customerid). I have a parameter(cusid) for this object which actually filters that filter. Now I want to share this report as embedded using guest access. I have managed to pass the parameter in url so depending the customer that view the report I filter what he/she can see. My problem is that any customer that has access to this report can change the filter in the report , so can see info from another customer. Is there any way to prevent any user from changing the filter-object in the report? Can I hide the filter object ? Can I use the parameter that I have made (cusid) in the data source as a filter through environment manager?

0 Likes
Reply
2 REPLIES 2
Patrick
Opal | Level 21 Patrick
Opal | Level 21

Re: Row level authentication in Guest access

Posted 01-25-2020 07:54 PM (335 views)  |   In reply to alexandros

The way I understand things:

Guest access means that you don't know the user (anonymous) and though you can't separate such users into groups (companies). 

You could consider to create a user/group per customer and share this info with them. In doing so you then could secure your data server side. Example here

0 Likes
Reply
alexandros
Fluorite | Level 6 alexandros
Fluorite | Level 6

Re: Row level authentication in Guest access

Posted 01-26-2020 03:32 AM (310 views)  |   In reply to Patrick

Dear Patrick,

 

Thank you for your answer. Let me explain a little bit more my case:

The SAS Report is embedded in another web page. In this parent page the users log in with their credentials without AD. They have to see the report without log in again in SAS. Because we have not find a way to authenticate them in SAS we have enabled guest access for the Report. So even if we know what data to share with each user (from their credentials in the parent page) we don't know how to pass this info in SAS. By using a filter with each customer's id(which is different from their id that they use to log in) we filter the data and we pass this id as a parameter to the shared url of the SAS report. Now we just want to prevent end users from changing the id (Drop-down list object) in the report, in order to prevent them to have access in other customers data. I don't know if it is possible through SAS or if we have to find another way to resolve this problem.

0 Likes
Reply

Ready to join fellow brilliant minds for the SAS Hackathon?

Build your skills. Make connections. Enjoy creative freedom. Maybe change the world. Registration is now open through August 30th. Visit the SAS Hackathon homepage.

Register today!
Mastering the WHERE Clause in PROC SQL

SAS' Charu Shankar shares her PROC SQL expertise by showing you how to master the WHERE clause using real winter weather data.

Watch Mastering the WHERE Clause in PROC SQL on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • ‎01-25-2020 04:25 AM
  • 382 views
  • 0 likes
  • 2 in conversation