Hi,
we want to implement row-level security in a universe to accommodate the following:
* users will only be able to see some entities
* users will see only one group of accounts or all
The first thing is easy to overcome and is explained in all kinds of fora: you create a table like the one below:
Username | Entitycode |
---|---|
JVDD | BRUZT |
JVDD | CPHZT |
BPO | BRUZT |
BPO | MANZQ |
PBK | BRUZT |
PBK | MANZQ |
PBK | CPHZT |
FSC | CPHZT |
Now, as a second level of security, people are not allowed to see all financial accounts in their reports.
We thought of solving this as well through the above security table by adding a second column. There are, however, 15 groups of accounts that should be secured.
For people who only need access to a single account group (e.g. Revenue = accounts starting with 3), we think that it is still manageable.
Username | Entitycode | Account |
---|---|---|
BPO | BRUZT | 3 |
BPO | MANZQ | 3 |
FSC | CPHZT | 1 |
For people who should see all accounts, we think that the table will become much too complicated (due to the number of account groups and the number of entities (>300)), and we would like to replace 'ALL Accounts' with a `*` to have a table like this:
Username | Entitycode | Account |
---|---|---|
JVDD | BRUZT | * |
JVDD | CPHZT | * |
BPO | BRUZT | 3 |
BPO | MANZQ | 3 |
PBK | CPHZT | * |
PBK | MANZQ | * |
PBK | BRUZT | * |
FSC | CPHZT | 1 |
The question now is how we can link the * to all accounts in the join syntax, so that user JVDD can see all accounts without any limitation.
Are there other solutions that you see? Any help is appreciated.
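
One way to express the `*` wildcard in the join, as an added example that is not part of the original post. The table names `SEC_USER_ACCESS` and `FACT_GL`, the `AccountCode` and `Amount` columns, and the sample fact rows are constructed; it assumes a database with ANSI `||` concatenation and multi-row `VALUES`, and that the literal user name is replaced by the universe's logged-in-user variable (in BusinessObjects, `@Variable('BOUSER')`).

```sql
-- Security table from the post: Account holds a group prefix, or '*' for all accounts.
CREATE TABLE SEC_USER_ACCESS (
    Username   VARCHAR(20) NOT NULL,
    Entitycode VARCHAR(10) NOT NULL,
    Account    VARCHAR(10) NOT NULL,
    PRIMARY KEY (Username, Entitycode, Account)
);

INSERT INTO SEC_USER_ACCESS (Username, Entitycode, Account) VALUES
    ('JVDD', 'BRUZT', '*'), ('JVDD', 'CPHZT', '*'),
    ('BPO',  'BRUZT', '3'), ('BPO',  'MANZQ', '3'),
    ('PBK',  'CPHZT', '*'), ('PBK',  'MANZQ', '*'), ('PBK', 'BRUZT', '*'),
    ('FSC',  'CPHZT', '1');

-- Hypothetical fact table with constructed rows.
CREATE TABLE FACT_GL (
    Entitycode  VARCHAR(10)   NOT NULL,
    AccountCode VARCHAR(10)   NOT NULL,
    Amount      DECIMAL(12,2) NOT NULL
);

INSERT INTO FACT_GL (Entitycode, AccountCode, Amount) VALUES
    ('BRUZT', '1000', 10.00), ('BRUZT', '3000', 30.00),
    ('CPHZT', '1000', 11.00), ('CPHZT', '3100', 31.00),
    ('MANZQ', '3000', 32.00), ('MANZQ', '6000', 60.00);

-- Join form: a row is visible when the entity matches AND the security row
-- is either the wildcard or a prefix of the account code.
SELECT f.Entitycode, f.AccountCode, f.Amount
FROM   FACT_GL f
JOIN   SEC_USER_ACCESS s
  ON   s.Entitycode = f.Entitycode
 AND   (s.Account = '*' OR f.AccountCode LIKE s.Account || '%')
WHERE  s.Username = 'JVDD';      -- replace with the logged-in user variable

-- EXISTS form: same filter, but a user holding several matching security rows
-- for one entity (e.g. both '*' and '3') does not get duplicated fact rows.
SELECT f.Entitycode, f.AccountCode, f.Amount
FROM   FACT_GL f
WHERE  EXISTS (
         SELECT 1
         FROM   SEC_USER_ACCESS s
         WHERE  s.Username   = 'BPO'   -- replace with the logged-in user variable
           AND  s.Entitycode = f.Entitycode
           AND  (s.Account = '*' OR f.AccountCode LIKE s.Account || '%')
       );
```

Because the filter is an inner join on the security table, a user with no row for an entity sees nothing for it, so a missing entry fails closed.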