Row Level Security / Restriction in BO Universe Designer

Row security is one of the powerful restrictions by user or Group level and it’s frequently used in restricting the region / country wise data when management level decision making reports.

Row Level Security can be done at universe level in universe designer. The restrictions can be any one of the below reasons.

1.    Restrict the set of rows for a user / group – Example restrict Canada Country data to USA Group, so that users in USA group won’t get Canada report in their report.
2.    Apply a filter where in entire Business Objects system users/Groups don’t want to see particular data which make your report to show wrong result (kind of globally filtering some data of your report which are comes from that particular universe).

Apply Row Level Security / Restriction

1.    Universe Designer – Tools – Manage Security –Manage Access Restrictions.

Row level Sec12.    Manage Access Restrictions window will open.

Row level Sec23.    Click New in the above screen and it would open new Restriction pop up window which holds Connection, Controls, SQL, Objects, Rows and Table Mapping tabs and by default it will point to Row Access tab.

Row level Sec3a.    Add Restriction Name – “Restrict Country Canada”.
b.    Click Add and will Open to Select the Table and WHERE Clause conditions.
Row level Sec4c.    Select the added restrictions and Click Check All option to validate.

Row level Sec5d.    Click OK.

Row level Sec64.    Click the “Add User or Group” and you can see list of available users and Groups list.

Row level Sec75.    Click the users / group from left side and add it into right side panel and OK.

Row level Sec86.    Select available restrictions and available users and groups and Apply.

Row level Sec97.    For the first resections and groups, the priority will set to one and if you are adding more restrictions and group, you have set the priority by selecting the Priority Options. There won’t be any priority settings for individual users.

8.    Click OK. Now Row select Security applied for the CS Users group and they cannot see Canada Country data into their reports. You can validate the same by checking the SQL query in the report Query panel.

Other Tab options in the restriction:

Connections – Universe connection to the data source. You can select an alternative connection for the universe. This is same as Universe Parameters Definition Tab.

Controls – Options to limit the size of the result set and query execution time. This is same as Universe Parameters Controls Tab.

SQL – Options to control the SQL generated for queries. This is same as Universe Parameters SQL Tab.

Object – You can select object which are not accessible in the query panel to the user when they create the report. You can apply the restrictions to particular object into a single user or groups same as Row level security process.

Row level Sec10Table Mapping – You can replace a table referenced in the universe by another table in the database.
You can apply the restrictions to particular table into a single user or groups same as Row level security process. This will help to restrict some of table access from users and use another table when the particular user or groups access the restricted table.

Row level Sec11To apply Row Level Security or Object Level Security or Table Mapping for a user or groups, the process is same and it’s a power full function to restrict some sensitive and confidential data to normal & ad-hoc report users.


8 thoughts on “Row Level Security / Restriction in BO Universe Designer

      • When i apply that and add the user group then the users in the group are not able to view the class…But my requirement is only the users in the group should be able to view the class and for other it shouldnt be visible…and the class here i mean is the folder in the universe…Kindly let me know the answer…

  1. Hi Madhes,

    I’m facing an issue restrictions on group/user. I need to apply several restriction depending the query in WEBI.
    I know for some I can use cascading :hirerachical prompt but….
    – I can’t select all value at the same time from the second level
    – It’s not working when using a context.
    Any clue ?


      • HI Madhes
        Thanks for answering. What do you mean by “Share hieracrichal prompt…..”. My first problem is to assign multiple restrcition to a group/ user. UDT allows me to assign only one restriction by user/Group

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.