To apply security to a data set, select Security, then specify the security IDs in Access Control List Expression. Figure 23-11 shows an example where the expression specified for the data set’s Access Control List Expression property is:
|
Figure 23-11
|
In the example, only users with the CEO or CFO role can access the data set. For example, in a report that contains a table that uses the secured data set, only the CEO and CFO can view the data in the table, as shown in Figure 23-12. Other users see an empty table, as shown in Figure 23-13.
|
Figure 23-12
|
As Figure 23-13 shows, the table does not display data from the secured data set, but the labels in the table’s header appear. To hide the entire table if there is no data, use the table’s Visibility property. Specify an expression, as shown in the following example, as the condition for hiding the table. In the expression, Row_Count is a column binding that uses the COUNT function to return the number of rows in the table.
You can also apply security to rows in a data set, which is a typical approach. To do so, specify the security IDs in Row Access Control List Expression. Figure 23-14 shows an example where the expression specified for the Row Access Control List Expression property is:
|
Figure 23-14
|
Security applied to data set rows acts as a filter. In the example shown in Figure 23-14, the HR Director can view all rows in the data set. Managers can view only rows that pertain to their department as specified by the office code.
Figure 23-15 shows a report design that uses the secured data object. In the design, a table contains data elements that access the data set columns in the data object.
When run and viewed by the HR Director, the report displays all the rows in the data set, as shown in Figure 23-16.
|
Figure 23-16
|
When run and viewed by the manager of a specific office code, the report displays only the rows for that office. Figure 23-17 shows the report thatManager: Office 4 sees.
|
Figure 23-17
|
As the example shows, applying security to data set rows is useful for creating a single data set that provides different data to different users.
You can also apply security to each column in a data set. For example, you can restrict a profit/loss column or a salary column to users with executive-level roles. To do so, select Output Columns, select the column, then specify the security IDs in Access Control List Expression. Figure 23-18 shows an example where the expression specified for a column’s Access Control List Expression property is:
|
Figure 23-18
|
In the example, only users with the Sales VP role can access data in the PROFIT column. Figure 23-19 shows a report using the PROFIT column and how the report appears to a user with the Sales VP role.
|
Figure 23-19
|
Figure 23-20 shows the same report, but as viewed by a user without the Sales VP role. There is no data in the PROFIT column; only the PROFIT label appears in the table header. To hide the entire column if there is no data, set the column’s Visibility property to an expression, such as the following:
|
Figure 23-20
|
Security at the column level also controls the availability of certain columns to users designing a dashboard in BIRT 360 or a report in BIRT Studio.
