Hello All,
I have a scenario in which I need to put data security \ row level restriction on a BO universe. However, I want to apply restriction dynamically on multiple fields.
Geography Hierarchy: Country --> State --> City --> Area
All my transactions in the fact table are coming against Area. To implement this security, I build 2 tables.
First table has UserID and Role (Country\State\City\Area) -
** Assuming 1 user has 1 role only
| UserID | Role |
| A | Country |
| B | City |
Second table has UserID and Code (Entitled Country\State\City\Area Code). A user having access to multiple region code will have
| UserID | Region_Code |
| A | Country_01 |
| B | City_07 |
So, when country manager A logs in the restriction would be -
Where Geography.Country_Code=Country_01
And, when City manager B logs in the restriction would be -
Where Geography.City_Code=City_07
1) Now my ask is at runtime we should first identify a user's Role using 1st table and then pick the region code using 2nd table and put filter clause on relavant field of the Geography table.
2) Also, how would we handle a scenario where a user (say C) needs access to both Country_01 AND City_07. Perhaps we need to figure out a way where all the filtering happens at most detailed level (Area) irrespective of user's role.
Thanks,
Sameer