Technical Blog Post
Abstract
BiLog: One Eyed Al….Data Restrictions and Reporting
Body
One eyed Al rules a massive section of the Turner River in the midst of the Florida Everglades. While meticulously kayaking past the aptly named alligator on a recent morning, his enormous 12 foot length and massive, powerful jaw instantaneously communicated to us his control over all living beings on this portion of the river bed.
And just as One Eyed Al restricts use of his area of the Turner River, you can enable data restrictions with BIRT reporting in the Version 7 releases to control what database records your individual security groups see.
You can set three different levels of data restrictions within the V7 applications, but today’s blog focuses on the Set Data Security, or ‘Qualified’ Object Restrictions. To enable these restrictions for reporting, you must enable the following conditions:
1. The Data Restriction must be set on the main table (object) of the Application where the report is registered to.
2. The type of Data Restriction must be qualified - it cannot be Hidden or Read Only.
3. The Conditional Expression must utilize proper syntax.
4. The SQL of the Report Design must include the main table of the application.
In the V7 and V75 Report Feature guides available here, an example details how the conditions are applied using the Purchasing security group, which only has access to one of multiple storeroom locations. Recapping this at a very top level, the administrator first sets the storeroom data restriction by implementing the first 3 conditions highlighted above for the Inventory application. This is shown in the screenshot below.
Then, the fourth and final condition is set by confirming the main table of the application is included within the report design file’s sql statement. The example uses the Inventory Balance report, which includes the main table of the Inventory application (INVENTORY) so the data restrictions can pass properly.
Once the setup items are completed, you can quickly see how reporting applies the data restrictions when a member of the Purchasing security group executes reports. When executing the Inventory Balance report with the Central storeroom that they have access to, the report data displays as shown here.
Once the setup items are completed, you can quickly see how reporting applies the data restrictions when a member of the Purchasing security group executes reports. When executing the Inventory Balance report with the Central storeroom that they have access to, the report data displays as shown here.
However, when executing the same report against the Package Storeroom which the security group does not have access to, the report executes – but does not display any data. This is correct behavior as even though data exists, the users do not have security rights to view it. 
Al the one eyed Florida Alligator and the Maine Moose both have incredible size and control....wonder what they are planning for lunch?
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLKT6","label":"IBM Maximo Asset Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
UID
ibm11134603