Securing Data for users without permissions

Bruce Steinberg shared this question 22 months ago
Answered

Good Morning/Afternoon,

We are using Smart Reporting through the BMC ITSM product.


(Fingers crossed this is possible....)


We need to make sure that users who do not have permissions to module data cannot see it regardless if its in a report that blends data from a module they do have access.

For example: User has permissions to Incident data but not Problem data. We know in Remedy this means they would not be able to access the Problem module or Problem data.


It is not uncommon for a report to be developed that may blend data from 2 different modules, where one of the modules is actually restricted.


Expectation is they would see the Incident Data, but the Problem Data column would be blank or ??

1. Hopefully we have a way for BMC data restrictions to be enforced at a global level and not report by report basis?

2. If it can be done can you share with me the steps to secure the data at a global level and not by report level?


Thank you,

Bruce Steinberg

206 902 7431

Comments (2)

photo
1

Hi Bruce,

This sort of thing is typically controlled through access filters. Essentially this will assure that a where clause is added to every report's SQL representing that user's access to the data. So if you have a "company" column with an access filter, user a might have access to company "A" and "B"

When that user runs any report with that access filter the following where clause will automatically be inserted into the SQL query:

WHERE company IN ("A","B")

http://wiki.yellowfin.com.au/display/USER74/Restricting+Data+with+Access+Filters

Unfortunately I am not very familiar with how BMC works and, per our contract with them, they are responsible for almost all support requests, so if you are looking for more exact information here I would recommend approaching them directly.

Regards,

Nathan

photo
1

I am going to set this ticket to closed for now, but if there is anything else I can do to help here, please just let me know and the case will be re-opened!


Regards,

Nathan