Modeling patterns for dynamic security
To create a model for dynamic security:
1. Create a two-column security table in the relational data source. In the first column, specify the list of Windows user names or custom data values. In the second column, specify the data values that you want to allow users to access for a column in a given table.
2. Import the security table into the tabular model using the Import Wizard.
3. Using the Import Wizard, create a one column table that contains the user names or custom data values for the model. The values in this table must be unique. This table does not need to be materialized in the relational data source; instead, it can be constructed in the Import Wizard by querying the security table for the unique user names or custom data values.
4. Create a relationship between the security table and the column that is being secured.
5. Create a relationship between the bridge table created in step 3 and the security table created in step 2.
6. [optional] Add supporting calculated columns or measures for computing the row filter on the table that contains the column that you want to secure.
7. Create a role in the Role Manager with Read permission.
8. Set the row filter for the security table to =FALSE().
9. Set the row filter for the bridge table to restrict the allowed row set to the currently logged on Windows user or to the custom data value using a row filter like =[Column Name]=USERNAME() or =[Column Name]=CUSTOMDATA().
10. Set the row filter on the table that you want to secure using one of the methods described in the examples that follow.
1. Create a two-column security table in the relational data source. In the first column, specify the list of Windows user names or custom data values. In the second column, specify the data values that you want to allow users to access for a column in a given table.
2. Import the security table into the tabular model using the Import Wizard.
3. Using the Import Wizard, create a one column table that contains the user names or custom data values for the model. The values in this table must be unique. This table does not need to be materialized in the relational data source; instead, it can be constructed in the Import Wizard by querying the security table for the unique user names or custom data values.
4. Create a relationship between the security table and the column that is being secured.
5. Create a relationship between the bridge table created in step 3 and the security table created in step 2.
6. [optional] Add supporting calculated columns or measures for computing the row filter on the table that contains the column that you want to secure.
7. Create a role in the Role Manager with Read permission.
8. Set the row filter for the security table to =FALSE().
9. Set the row filter for the bridge table to restrict the allowed row set to the currently logged on Windows user or to the custom data value using a row filter like =[Column Name]=USERNAME() or =[Column Name]=CUSTOMDATA().
10. Set the row filter on the table that you want to secure using one of the methods described in the examples that follow.
Comments
Post a Comment