Configuring Credential-Based Filters

You can give different users restricted access to different segments of the data, in a single project, by editing an XML-format configuration file and linking it to the appropriate dimension when you publish. This feature is described in detail in the online Help topic, Credential-Based Filters. The basic technique is to list the Windows domain accounts of all the people who should have access to the project and, for each, list the categories of some dimension that they should be able to see or not see. When the configuration file is in place and the project is published, the table and field containing the category values can be identified.

Important: Be sure that the data field you associate with the security strategy is not used in any Text Filter charts in the project. If it is, the credential-based filtering restriction could be overridden by end users changing the Text Filter state from their browser. A safe alternative is to create a copy of the field using the Expression Builder and use one in a Text Filter and the other for the credential-based filter.

Note: While there must be a data security.config file in the WebFOCUS Visual Discovery Server AE Projects directory that defines all Strategy IDs and names, place the complete definition in a subfolder to ensure that it is not removed or replaced, in case of a software upgrade. Also, since the strategy ID value is permanently stored in the published project, configure a value closely associated with the projects that will use it.


WebFOCUS