I have implemented the Dynamic Security in our BI-SSAS Projekt using a User-Dimension that is updated from Active Directory. I created SSAS-Roles and inside I restrict the users to see only the specified branches.
As Front-End they are using Excel. The problem is that Excel does not use as default the SSAS-Role created so I need to modify the conection string and add the following Property:Extended Properties="Role=PowerUsers" .
How can we use the role created without having to edit the conection string from excel ? Could be this Excel connection string property added as default?
Why doesn't Excel use the right role if you remove Roles= from the connection string? Is the user in question an SSAS admin? Are you 100% sure? If you connect Profiler to SSAS and watch while that user connects it should list the roles the user belongs to. If the roles say *,PowerUsers,Readers then the asterisk means the user is an admin. If you remove him as an admin you won't need to specify Roles on the connection string.
You might also install BIDS Helper and run the Roles Report on your cube. It will expand the security groups in case that user is in a group you weren't aware of.
There is not directly way in the standalone Excel pivot table, but there are a couple of potential approaches you can try:
1) Save the connection string (file) in a shared folder where your users can access it all, you don't have to modify anything in Excel once you specify that file(folder), but you still have to modify that file in the folder. (not good but should be okay)
2) 'IF' you are using SharePoint excel service, the thing is simple: just create a SSS, all can be managed under SharePoint SSS
Related
I've created a tool which is being used by multiple users who all have access to the shared folder the tool is saved in. In the tool I use the function UserNameWindows to pull in the username of the person using the tool. The function I use is =VLOOKUP(UserNameWindows(),T25:U34,2,FALSE) where the T25:U35 range is a mapping of user names to actual names.
The issue is that it works for me but my it's not pulling the username's of other users. Could it be that read-only is preventing the calculation from performing? I sat with one of the users to check and it's like the tool is remembering my Windows username from when I saved it.
You probably used Application.Username in the function and that is the username set in Microsoft Office. It will be blank if they have not set it in File>Options>General>User name. Use Environ("Username") in your function and it will use the windows login username.
I am new to Liferay. Now I need to create the flow chart which has the Liferay table work flow in following scenarios,
1) What are the list of table will reflect/update if we create the site admin?
2) What are the list of table will reflect/update if we create the site?
I tried by opening database tables and noticed that USER_, CONTACT_ will reflect, But I need list of all the related tables which will reflect when we create the site and siteadmin? I am using Liferay 6.2 version.
Thanks in advance.
When you want to know the internals of any system it is always best to check the relevant source-code. So in this case you can check the source-code for those classes which are used for CRUD operations on User and Site.
1) What are the list of table will reflect/update if we create the site admin?
Site-administrator is a Role, which can be applied to a User created in Liferay.
So if you want all the tables that are created from User-creation till User is assigned the Site-administrator role for a particular site, there here are some which I can recollect:
User_ (Obvious)
Contact_ (not so obvious :-) )
Group_ (Users are also created as a record in this table since Users have public and private pages)
Address (if you add an address)
Phone (if you add a Phone)
Users_Roles (Power user role is assigned by default)
UserGroupRole (user and site-role relationship, Site-administrator is a Site-role)
Users_Groups (user and site relationship)
For others you should refer the source-code for UserLocalServiceImpl, RoleLocalServiceImpl and GroupLocalServiceImpl, check the relevant methods prefixed add, update etc.
The corresponding service.xml for these module would reveal the database tables being used.
2) What are the list of table will reflect/update if we create the site?
Sites are nothing but Groups in Liferay. So its obvious Group_ table is playing a big role.
Other tables also depend upon what configuration you are doing while creating a Site.
Then there would be other tables like Layout when you start creating pages for a Site.
I would strongly encourage to go ahead and explore the source code for the classes and you would understand the flow - when and what tables are affected.
Here is some convention which might help you traverse the source-code, almost every *LocalServiceImpl is associated with a *Model like UserLocalServiceImpl with UserModel and almost every *Model has a corresponding database table with the same name.
Also the name of the functionality would in most cases hints at what service classes are being used to connect to database, like adding a User would hint at using UserLocalServiceImpl.
Hope I have understood your question and have been able to give some proper direction.
If you want to know this because you also want to write to these tables: Don't go there! You should purely use the API to change the data that Liferay stores. Otherwise you will run into disasters some time in the future - promised.
For just getting the SQL commands that Liferay actually uses, configure portal-ext.properties and change this default value:
hibernate.show_sql=false
Then go to "Server Administration/Log Levels" and add a new category "org.hibernate.SQL", configure it to the level DEBUG. Then the results show up in the logs. Note that this log configuration is transient and will be reverted on next server start. If you want the setting to be persistent, you'll need to go into Liferay's log4j configuration files.
Remember: You don't want to write to the tables ever. Promise!
Currently I develop a database for another employee at my company. I have Manager Rights at the database to access everything. The administrator of the database should only be able to create/edit/delete documents. He currently got Editor-Access with selected "delete documents"-option. When he wants to delete a document on the database (i tried it with Simple Actions or with Javascript Code-both don't work) he gets redirected to the same page and nothing happens or with Simple Actions the Server-Login page shows up with the message "You don't have the permission to perform this action".
When im testing the functions with my manager access everything works fine. But when i'm changing my rank to Editor like the normal administrator of the database i also can't delete any documents. Like i already said the option in the ACL is activated.
I hope you can understand my problem and there is a solution for it. Normally that access right works fine on every other database at our company.
Another point: There are no Reader or Editor fields in the Documents. So there is no restriction with fields. Could this be the problem?
Check to see if there is some code in the QueryDocumentDelete event for the database. Perhaps that is failing and / or preventing you from deleting.
Given that you mention redirecting and server login, I presume it's a web enabled database?
In which case have you tried looking at the ACL (Access Control List) for the problem database and clicking the Advanced tab.
In there is a field Maximum Internet name and password, this is the maximum access allowed for internet users. If it's not editor, this could be the problem?
Try deleting with ?DeleteDocument URL. That way it will for sure not try to do anything else.
Check the user's access level at server with Database.getCurrentAccessLevel() and Database.queryAccessPrivileges(String name)
After the great suggestions of you all the problem was the checkbox "Allow document locking" at the database properties was enabled. That caused the problems at deleting documents. As Manager is have enough rights to go over that but for the normal Administrator with Editor Access the deletion request got blocked by the little option.
Thanks to everyone!
When Browsing an MS OLAP cube in SQL Server Management Studio I'm able to click on the change user button to change the user that I view the cube as. This let me test security access to various parts of the data.
I was wondering if it's possible to do this in the connection string also? As far as I understand it I can change the Roles property in the connection string, but as the data is locked from particular person's perspective this doesn't help. Also the cube uses windows security so a specific user and password combo aren't going to help either.
Yes, through the following property in your connection string:
EffectiveUserName=DOMAIN\UserName
This will only work if you're an SSAS administrator.
in your ConnectionString you can use CustomData="Username" and After that you can used it like UserName() Function.
PLEASE See this link for more information about CustomData()
http://www.mdxpert.com/Functions/MDXFunction.aspx?f=154
We are using a Sharepoint Implementation for a customer portal. We are giving each client a site where they will have access to reports. We are using the same library of reports, each report takes a parameter that is a unique identifier for the client. The issue we are running into is that as long as you can authenticate to the system you can view the source on the page that has the report and by doing some googling you can figure out how to put together a query string to pull a report. By picking random id numbers you can pull up other clients reports.
Odds are clients will not do this, but there is always a chance and we are looking to close this hole.
Anyone else run into this? We have a some possible solutions but are hoping that there might be something simpler that we are missing.
Within SSRS you can access the User's ID: If you create an internal parameter set to this value (=User.UserID), your queries can check to see if that user has permissions to view the requested data. (i.e. create a table with the UniqueIDs that the user is allowed to access and join to that.)
Combine this with the unique ID parameter, and you should be covered.
If you set up item level permissions for each report you shouldn't have this issue.