User security level enables creating advanced data level access definition. The definition is based on the specified filter which is applied to the selected data sets. User security levels are great way to reduce vulnerability risk, as it allows you to access data belonging only to specific user.

Only users with Domain administrator roles assigned are allowed to create and manage user security levels.

User security can be created also outside of domain

Creating user security levels

Open the Data sets page from main menu on the top of the screen.

  1. Click "User Security Levels" in the left submenu
  2. Select the option Add new level

The dialogue window Add user security level allow users define a security level that can be assigned to selected data sets. The following parameters are available:

  • Name of the security level
  • Delimiter that will be used in the query
  • Query code for the data filtering
  • Applied columns to which the security levels will be applied to (multiple columns can be added)

defining query code

The query is using SQL-like format that will be applied to the selected columns as a filter. The query must apply the following steps:

  • Start with SELECT
  • Main data set is referenced via variable $mainDataset(ID) where ID is the data set ID
  • Main data set alias is PT
  • Main data set needs to be defined in the first part of join
  • Other data sets are referenced via variable $dataset(ID) where ID is the data set ID
  • Only data set attributes are allowed for the definition
  • Variables can be applied

Query code example

SELECT PT.L_COMPANY, PT.L_LEDGER, PT.L_FIELD from $mainDataset(210) PT JOIN $dataset(208) JD1 ON (PT.L_COMPANY= JD1.L_COMPANY AND PT.L_LEDGER=JD1.L_LEDGER AND PT.L_FIELD=JD1.L_FIELD)
JOIN $dataset(209) JD2 ON (PT.L_CODE = JD2.L_CODE AND JD1.L_SHARED_CD = JD2.L_SHARED_CD) where ((JD1.L_USER = '$user(username)') AND (PT.L_COMPANY like '$@reportVariable1'))

Variables

The following variables are available:

  • $user(XXX) - will return user profile information
    • XXX = username, name, surname, roles, phone, phone2. email, address, office, position, active, locale, timeZone, chartType
  • $user.parameters - will check whether user parameters contain specified value, example: 
    WHERE '${user.parameters}' LIKE '%department=ACCOUNTING;%' 
  • $date(now) - will return the current date
  • ${@reportVariable} - will apply value of the report variable


user variablesreport variables

Wildcard

You can use wildcards in BellaDati which allows you to substitute any number of characters

Name

Description

%Replace zero or any number of characters.
_Replace one single character

Union

In case multiple selects are required, use key UNION to join them.

JOIN

If JOIN is needed, it can be also used in query. JOIN represents LEFT JOIN

Applying security levels

Once a user security level is specified, it can be assigned to a data set. In order to do that, open data set detail and follow the below steps:

  1. Select the sub-menu option User security levels
  2. Select the option Enable user security level to enable data set filtering based on the user security level
  3. Select option Add existing level to apply an existing user security level to the data set 
  4. Select the required security level and click add

Applied user security levels are displayed on the user security level screen:

New levels can be added by using the option Add existing level. Selected user security levels can be unassigned by using X button.


Vulnerability risk reduce

Here you can see simple example of limiting data only to specific userId. DataSet 26 must contain L_CONN_COL this column will be key for both tables and L_USER_ID. This security can be applied to any other DataSet that has L_CONN_COL which will grant access to specific row.