- OneStream Community
- Forums
- Application Build
- Drill Back Security for Confidential Data
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Drill Back Security for Confidential Data
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2024 08:35 AM
Hey all - does anyone know the best practice to securitize the drill back functionality based on Entity (or other group) access? My use case is that we have users who can see entire company financials (actuals and planning) but should not be able to drill back to the People Planning registers unless they meet a certain criteria (in a specific security group and have a specific entity group access).
Thanks for any assistance!
- Labels:
-
Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2024 09:23 AM
Hi @aricgresko
Drill back security can be customized. But first, there is not such thing as a drill back security out of the box, you will need to customize the drill back to show or not depending on the user group. You would do that in the connector business rule and more precisely under the "Case is = ConnectorActionTypes.GetDrillBackTypes".
You could also add in "ConnectorActionTypes.GetDrillBack" there something like "if the user is in this group, then run that query otherwise run that other one".
But as you can see, it is all with coding. There is no such thing as a drop down list where you would select the security group.
Hope it helps
LinkedIn: https://www.linkedin.com/in/nicolas-argente/
Website: https://aiqos.io
If you want to lift yourself up, lift up someone else.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2024 11:09 AM
I wanted to close the loop on this that writing custom coding within the Case Is = ConnectorActionTypes.GetDrillBack was what we needed to get the job done. Thanks for pointing me in the right direction @NicolasArgente !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2024 11:14 AM
You are most welcome @aricgresko 🙂
LinkedIn: https://www.linkedin.com/in/nicolas-argente/
Website: https://aiqos.io
If you want to lift yourself up, lift up someone else.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2024 12:56 PM
Thanks Nic. I have begun down that path with BRApi.Security.Authorization.IsUserInGroup(si, "GroupName") and that does work at a basic level. However, I need this to be more conditional, looking at a user's Write security access vs. the Entity they are drilling back on. Initially seems like something to pass a member list into but was having some issues with getting that to work.
