10-19-2017 04:43 PM
I was wondering if anyone has a document that addresses applying row level security on VA 7.3? I am attempting to read a userid and display data specific to that id and can't seem to get it to work. I am new at this so I am sure I am just missing something, but what I can find on the web doesn't match what I am seeing in our install. I am simply hoping for an example.
10-20-2017 06:59 AM
Thank you Anna,
I have seen most of the links in the thread you have sent. It appears that the composer is having the same issue as I am. From what was described to us by SAS on site was that we could apply permissions to a LASR table as described in several documents, enter/code Identity Properties such as SUB:AS.Userid via a conditional grant in the LASR table and have that filter the report appropriately. Following SAS's description and what I have found online, I am seeing different images/screenshots and I cannot get things to work.
I was hoping to find an example of how to do this using VA 7.3 or above.
10-20-2017 09:23 AM - edited 10-20-2017 09:24 AM
If a filter for an individual identity does not work as expected, the most likely causes are case sensitivity and the suffix. Specifically, the SUB::SAS.Userid property normalizes the value to all uppercase. For Windows, look for problems with how the domain is specified. For more information, see Windows User ID Formats in the SAS Intelligence Platform: Security Administration Guide.
Another common cause is unexpected leading or trailing blanks in the ID.
Can you post the syntax for your actual condition? Also, when you say that it does not work, what is the behavior? Are all of your results being filtered out? Are no results filtered out? Are you seeing an error?
10-20-2017 03:14 PM
I am sure I am missing something that is why I was simply looking for a document of procedures.
Here is my condition;
( 'Instructor_ID'n Contains 'SUB:AS.Userid' )
I have checked and both Instructor_ID and Userid are identical. No leading or trailing spaces.
The report references a table that is simply ID numbers and related information to each ID. Pretty straightforward.
The report consists of a drop-down list linked to IDs and a crosstab linked by an interaction to the ID drop-down list.
I also discovered that I have to recreate the permission every time I run the EG program to update the table. Is there a way to avoid that?
10-25-2017 02:43 PM
10-25-2017 03:03 PM
I will try that. Unfortunately, I won't be able to until tomorrow. I wear many other hats and I am engaged in another issue currently. I will respond tomorrow.
Thanks again and I will let you know.
10-27-2017 12:44 PM
Hey Madelyn_SAS, I am back.
OK, so switching the order from
Instructor_ID Contains "SUB:: SAS.Userid"
"SUB:: SAS.Userid" Contains Instructor_ID
My only issue now is everytime I reload/rebuild the table I have to go in and make these assignments over again. Seems like there should be a way to keep those when the table is reloaded.
10-31-2017 02:34 PM
The only time that the permissions should be removed is if you delete the metadata for the LASR table. Simply unloading the table and reloading it without touching the existing metadata should not remove the permissions. Are you seeing something different?
10-31-2017 02:49 PM
Currently I have to manually import tables to the LASR server using the "Upload to LASR" from the "Process Flow" in the "Project Tree".
I have options to load to the -
Visual Analytics LASR
Visual Analytics Public LASR (which is what we use)
Environment Manager Data Mart LASR
In each case I have checked the box to "Register data for use in SAS Visual Analytics"
After I use this process to import the table due to new data being available I have to go in and reapply the row level security. It also happens when the server is restarted. We have to reload our tables and apply row level permissions.
We have not had the system a year yet so I am sure some of this needs to be worked out still.