Bookshelf Home | Contents | Index | Search | PDF |
Siebel Analytics Server Administration Guide > Security in Siebel Analytics >
Managing Query Execution Privileges
The Siebel Analytics Server allows you to exercise varying degrees of control over the repository information that a user can access.
Controlling query privileges allows you to manage the query environment. You can put a high degree of query controls on users, no controls at all, or somewhere in between. The following lists some types of activities you may want to limit:
- Restricting query access to specific objects, including rows and columns, or time periods
- Objects. If you explicitly deny access to an object that has child objects, the user will be denied access to the child objects. For example, if you explicitly deny access to a particular physical database object, you are implicitly denying access to all of the physical tables and physical columns in that catalog.
If a user or group is granted or disallowed privileges on an object from multiple sources (for example, explicitly and through one or more groups), the privileges are used based on the order of precedence, as described in Group Inheritance.
- Time periods. If you do not select a time period, access rights remain unchanged. If you allow or disallow access explicitly in one or more groups, the user is granted the least restrictive access for the defined time periods. For example, suppose a user is explicitly allowed access all day on Mondays, but belongs to a group that is disallowed access during all hours of every day. This means that the user will have access on Mondays only.
- Controlling runaway queries by limiting queries to a specific number of rows or maximum run time
- Limit queries by setting up filters for an object
All restrictions and controls can be applied at the user level, at the group level, or a combination of the two.
To limit queries by objects for a user or group
- From the Administration Tool menu bar, choose Manage > Security.
- In the Security Manager dialog box, in the tree pane, select Users or Groups.
- In the right pane, right-click the name that you want to change and select Properties.
- In the User or Group dialog box, click Permissions.
- In the User/Group Permissions dialog box, click the General tab and perform the following steps:
- To explicitly allow or disallow access to one or more objects in the repository, click Add.
- In the Browse dialog box, in the Name list, select the objects you want to change, and then click Select.
- In the User/Group Permissions dialog box, assign the permissions by selecting or clearing the Read check box for each object.
(Default is a check) If the check box contains a check, the user has read privileges on the object. If the check box contains an X, the user is disallowed read privileges on the object. If it is blank, any existing privileges (for example, through a group) on the object apply.
- Click OK twice to return to the Security Manager dialog box.
To limit queries by number of rows received by a user or group
- From the Administration Tool menu bar, choose Manage > Security.
- In the Security Manager dialog box, in the tree pane, select Users or Groups.
- In the right pane, right-click the name that you want to change and select Properties.
- In the User or Group dialog box, click the Permissions tab.
- In the User/Group Permissions dialog box, click the Query Limits tab and expand the dialog box to see all columns.
- To specify or change the maximum number of rows each query can retrieve from a database, in the Query Limits tab, perform the following steps:
- In the Max Rows column, type the maximum number of rows.
- In the Status Max Rows field, select a status using Table 36 as a guide.
- Click OK twice to return to the Security Manager dialog box.
To limit queries by maximum run time or to time periods for a user or group
- From the Administration Tool menu bar, choose Manage > Security.
- In the Security Manager dialog box, in the tree pane, select Users or Groups.
- In the right pane, right-click the name that you want to change and select Properties.
- In the User or Group dialog box, click the Permissions tab.
- In the User/Group Permissions dialog box, click the Query Limits tab and expand the dialog box to see all columns.
- To specify the maximum time a query can run on a database, in the Query Limits tab, perform the following steps:
- In the Max Time column, select the number of minutes.
- From the Status Max Time drop-down list, select a status using Table 36 as a guide.
- To restrict access to a database during particular time periods, in the Restrict column, click the ellipsis button.
- In the Restrictions dialog box, perform the following steps:
- Click OK twice to return to the Security Manager dialog box.
To limit queries by setting up a filter on an object for a user or group
- From the Administration Tool menu bar, choose Manage > Security.
- In the Security Manager dialog box, in the tree pane, select Users or Groups.
- In the right pane, right-click the name that you want to change and select Properties.
- In the User or Group dialog box, click the Permissions tab.
- In the User/Group Permissions dialog box, click the Filters tab.
- In the Filters tab, to add an object to filter, perform the following steps:
- In the User/Group Permissions Filters dialog box, click the ellipsis button for the selected object.
- In the Expression Builder dialog box, create a logical filter, and then click OK.
- In the User/Group Permissions Filters dialog box, from the Status drop-down list, select a status using Table 36 as a guide.
- Click OK twice to return to the Security Manager dialog box.
Bookshelf Home | Contents | Index | Search | PDF |
Siebel Analytics Server Administration Guide Published: 11 March 2004 |