Versions Compared

Old Version 24

changes.mady.by.user testing

Saved on

compared with

New Version Current

changes.mady.by.user jack xie

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Sv translation
languageen

User security level enables creating advanced data level access definition. The definition is based on the specified filter which is applied to the selected data sets. User security levels are great way to reduce vulnerability risk, as it allows you to access data belonging only to specific user.

Note

Only users with Domain administrator roles assigned are allowed to create and manage user security levels.


Info

User security can be created also outside of domain

Creating user security levels

Open the Data sets page from main menu on the top of the screen.

  1. Click "User Security Levels" in the left submenu
  2. Select the option Add new level

The dialogue window Add user security level allow users define a security level that can be assigned to selected data sets. The following parameters are available:

  • Name of the security level
  • Delimiter that will be used in the query
  • Query code for the data filtering
  • Applied columns to which the security levels will be applied to (multiple columns can be added)

defining query code

The query is using SQL-like format that will be applied to the selected columns as a filter. The query must apply the following steps:

  • Start with SELECT
  • Main data set is referenced via variable $mainDataset(ID) where ID is the data set ID
  • Main data set alias is PT
  • Main data set needs to be defined in the first part of join
  • Other data sets are referenced via variable $dataset(ID) where ID is the data set ID
  • Only data set attributes are allowed for the definition
  • Variables can be applied

Query code example

Code Block
languagesql
SELECT PT.L_COMPANY, PT.L_LEDGER, PT.L_FIELD from $mainDataset(210) PT JOIN $dataset(208) JD1 ON (PT.L_COMPANY= JD1.L_COMPANY AND PT.L_LEDGER=JD1.L_LEDGER AND PT.L_FIELD=JD1.L_FIELD)
JOIN $dataset(209) JD2 ON (PT.L_CODE = JD2.L_CODE AND JD1.L_SHARED_CD = JD2.L_SHARED_CD) where ((JD1.L_USER = '$user(username)') AND (PT.L_COMPANY like '$@reportVariable1'))

Variables

The following variables are available:

  • $user(XXX) - will return user profile information
    • XXX = username, name, surname, roles, phone, phone2. email, address, office, position, active, locale, timeZone, chartType
  • $date(now) - will return the current date
  • $user.parameters - will check whether user parameters contain specified value, example: 
    WHERE '${user.parameters}' LIKE '%department=ACCOUNTING;%'
  • $date(now) - will return the current date
  • ${@reportVariable${{@reportVariable}} - will apply value of the report variable


user variablesreport variables

Union

Wildcard

You can use wildcards in BellaDati which allows you to substitute any number of characters

Name

Description

%Replace zero or any number of characters.
_Replace one single character

Union

In case multiple selects are required, use key UNION to In case multiple selects are required, use key UNION to join them.

JOIN

If JOIN is needed, it can be also used in query. JOIN represents LEFT JOIN

Applying security levels

Once a user security level is specified, it can be assigned to a data set. In order to do that, open data set detail and follow the below steps:

  1. Select the sub-menu option User security levels
  2. Select the option Enable user security level to enable data set filtering based on the user security level
  3. Select option Add existing level to apply an existing user security level to the data set 
  4. Select the required security level and click add

Applied user security levels are displayed on the user security level screen:

New levels can be added by using the option Add existing level. Selected user security levels can be unassigned by using X button.


Vulnerability risk reduce

Here you can see simple example of limiting data only to specific userId. DataSet 26 must contain L_CONN_COL this column will be key for both tables and L_USER_ID. This security can be applied to any other DataSet that has L_CONN_COL which will grant access to specific row.


Image Added

Sv translation
languagesk

User security level enables creating advanced data level access definition. The definition is based on the specified filter which is applied to the

Sv translation
languagesk

User security level enables creating advanced data level access definition. The definition is based on the specified filter which is applied to the selected data sets

Note

Only users with Domain administrator roles assigned are allowed to create and manage user security levels.

CREATING USER SECURITY LEVELS

Open the Data sets page from main menu on the top of the screen.

  1. Click "User Security Levels" in the left submenu
  2. Select the option Add new level

The dialogue window Add user security level allow users define a security level that can be assigned to selected data sets. The following parameters are available:

  • Name of the security level
  • Delimiter that will be used in the query
  • Query code for the data filtering
  • Applied columns to which the security levels will be applied to (multiple columns can be added)

DEFINING QUERY CODE

The query is using SQL-like format that will be applied to the selected columns as a filter. The query must apply the following steps:

  • Start with SELECT
  • Main data set is referenced via variable $mainDataset(ID) where ID is the data set ID
  • Main data set alias is PT
  • Main data set needs to be defined in the first part of join
  • Other data sets are referenced via variable $dataset(ID) where ID is the data set ID
  • Only data set attributes are allowed for the definition
  • Variables can be applied

QUERY CODE EXAMPLE

Code Block
languagesql
SELECT PT.L_COMPANY, PT.L_LEDGER, PT.L_FIELD from $mainDataset(210) PT JOIN $dataset(208) JD1 ON (PT.L_COMPANY= JD1.L_COMPANY AND PT.L_LEDGER=JD1.L_LEDGER AND PT.L_FIELD=JD1.L_FIELD)
JOIN $dataset(209) JD2 ON (PT.L_CODE = JD2.L_CODE AND JD1.L_SHARED_CD = JD2.L_SHARED_CD) where ((JD1.L_USER = '$user(username)') AND (PT.L_COMPANY like '$@reportVariable1'))

VARIABLES

The following variables are available:

  • $user(XXX) - will return user profile information
    • XXX = username, name, surname, phone, phone2. email, address, office, position, active, locale, timeZone, chartType
  • $date(now) - will return the current date
  • $@reportVariable - will apply value of the report variable


user variablesreport variables

UNION


In case multiple selects are required, use key UNION to join them.

APPLYING SECURITY LEVELS

Once a user security level is specified, it can be assigned to a data set. In order to do that, open data set detail and follow the below steps:

  1. Select the sub-menu option User security levels
  2. Select the option Enable user security level to enable data set filtering based on the user security level
  3. Select option Add existing level to apply an existing user security level to the data set 
  4. Select the required security level and click add

Applied user security levels are displayed on the user security level screen:

New levels can be added by using the option Add existing level. Selected user security levels can be unassigned by using X button.



Sv translation
languageja

ユーザーセキュリティレベルにより、高度なデータレベルのアクセス定義を作成できます。定義は、選択したデータセットに適用される指定されたフィルターに基づいています。

ユーザーセキュリティレベルは、特定のユーザーのみに属するデータへのアクセスを可能にするため、脆弱性リスクを軽減する最適な方法です。

Note

ドメイン管理者の役割が割り当てられているユーザーのみが、ユーザーのセキュリティレベルを作成および管理できます。


Info

ユーザーのセキュリティはドメイン外でも作成できます。

ユーザーセキュリティレベルの作成

画面上部のメインメニューから[データセット]ページを開きます。

  1. 左側のサブメニューの[ユーザーセキュリティレベル]をクリックします。
  2. [新しいレベルを追加]オプションを選択します。

Image Added

[ユーザーセキュリティレベルの追加] ダイアログウィンドウでは、ユーザーは選択したデータセットに割り当てることができるセキュリティレベルを定義できます。次のパラメーターを使用できます:

  • セキュリティレベルの名前
  • クエリで使用される区切り文字
  • データフィルタリングのクエリーコード
  • セキュリティレベルが適用される適用列 (複数の列を追加可能)

クエリ―コードの定義

クエリーは、選択した列にフィルターとして適用されるSQLのような形式を使用しています。クエリーは次の手順を適用する必要があります:

  • SELECTで開始
  • メインデータセットは、変数 $mainDataset(ID) を介して参照されます。IDはデータセットIDです。
  • メインデータセットの別名はPT
  • メインデータセットは、結合の最初の部分で定義する必要があります。
  • 他のデータセットは、変数 $dataset(ID) を介して参照されます。IDはデータセットIDです。
  • 定義にはデータセット属性のみが許可されます。
  • 変数を適用できます。

Image Added

クエリ―コード 例

Code Block
language

User security level enables creating advanced data level access definition. The definition is based on the specified filter which is applied to the selected data sets

Note

Only users with Domain administrator roles assigned are allowed to create and manage user security levels.

CREATING USER SECURITY LEVELS

Open the Data sets page from main menu on the top of the screen.

  1. Click "User Security Levels" in the left submenu
  2. Select the option Add new level

Image Removed

The dialogue window Add user security level allow users define a security level that can be assigned to selected data sets. The following parameters are available:

  • Name of the security level
  • Delimiter that will be used in the query
  • Query code for the data filtering
  • Applied columns to which the security levels will be applied to (multiple columns can be added)

DEFINING QUERY CODE

The query is using SQL-like format that will be applied to the selected columns as a filter. The query must apply the following steps:

  • Start with SELECT
  • Main data set is referenced via variable $mainDataset(ID) where ID is the data set ID
  • Main data set alias is PT
  • Main data set needs to be defined in the first part of join
  • Other data sets are referenced via variable $dataset(ID) where ID is the data set ID
  • Only data set attributes are allowed for the definition
  • Variables can be applied

Image Removed

QUERY CODE EXAMPLE

Code Block
languagesql
SELECT PT.L_COMPANY, PT.L_LEDGER, PT.L_FIELD from $mainDataset(210) PT JOIN $dataset(208) JD1 ON (PT.L_COMPANY= JD1.L_COMPANY AND PT.L_LEDGER=JD1.L_LEDGER AND PT.L_FIELD=JD1.L_FIELD)
JOIN $dataset(209) JD2 ON (PT.L_CODE = JD2.L_CODE AND JD1.L_SHARED_CD = JD2.L_SHARED_CD) where ((JD1.L_USER = '$user(username)') AND (PT.L_COMPANY like '$@reportVariable1'))

VARIABLES

変数

次の変数を使用できますThe following variables are available:

  • $user(XXX) - will return user profile informationユーザープロファイル情報を返します。
    • XXX = usernameユーザ名, name, surname, phone, phone2. email, address, office, position, active, locale, timeZone, chartType電話番号, 電話番号2, メールアドレス, 住所, オフィス, 役職, 活動, ロケール, タイムゾーン, chartType
  • $user.parameters - ユーザーのパラメータに指定した値が含まれているかどうかをチェックします。

WHERE '${user.parameters}' LIKE '%department=ACCOUNTING;%'. 

  • $date(now) - will return the current date
  • $@reportVariable - will apply value of the report variable
  •  現在の日付を返します。
  • ${@reportVariable} - レポート変数の値を適用します。


user variablesreport variables

ワイルドカード

BellaDatiではワイルドカードを使用できます。これにより、任意の数の文字を置き換えることができます。

名称

説明

%ゼロまたは任意の数の文字を置き換えます。
_一文字を置き換えます。

UNION

In case multiple selects are required, use key UNION to join them.

APPLYING SECURITY LEVELS

Once a user security level is specified, it can be assigned to a data set. In order to do that, open data set detail and follow the below steps:

  1. Select the sub-menu option User security levels
  2. Select the option Enable user security level to enable data set filtering based on the user security level
  3. Select option Add existing level to apply an existing user security level to the data set 
    • Image Removed
  4. Select the required security level and click add

Image Removed

Applied user security levels are displayed on the user security level screen:

Image Removed

New levels can be added by using the option Add existing level. Selected user security levels can be unassigned by using X button.

Sv translation
languagede

複数の選択が必要な場合は、UNIONキーを使用してそれらを結合します。

JOIN

JOINが必要な場合は、クエリーでも使用できます。 JOINはLEFT JOINを表します。

セキュリティレベルの適用

ユーザーのセキュリティレベルを指定すると、データセットに割り当てることができます。これを行うには、データセットの詳細を開き、次の手順に従います:

  1. サブメニューの [ユーザーセキュリティレベル] オプションを選択します。
  2. [ユーザーセキュリティレベルを有効にする] オプションを選択して、ユーザーセキュリティレベルに基づくデータセットフィルタリングを有効にします。
  3. [既存のレベルを追加] オプションを選択して、既存のユーザーセキュリティレベルをデータセットに適用します。
    • Image Added
  4. 必要なセキュリティレベルを選択し、[追加] をクリックします。

Image Added

適用されたユーザーセキュリティレベルは、ユーザーセキュリティレベル画面に表示されます:

Image Added

[既存のレベルを追加] オプションを使用して、新しいレベルを追加できます。選択したユーザーのセキュリティレベルは、Xボタンを使用して割り当てを解除できます。


脆弱性リスクの低減

ここでは、特定のユーザーIDにのみデータを限定する簡単な例を示します。データセット26には、L_CONN_COLが含まれていなければなりません。このセキュリティは、L_CONN_COLを持つ他のデータセットにも適用でき、特定の行へのアクセスを可能にします。


Image Added



User security level enables creating advanced data level access definition. The definition is based on the specified filter which is applied to the selected data sets

Sv translation
languagede

Die Benutzersicherheitsebene ermöglicht die Erstellung einer erweiterten Zugriffsdefinition auf Datenebene. Die Definition basiert auf dem angegebenen Filter, der auf die ausgewählten Datensätze angewendet wird

Note

Nur Benutzer mit zugewiesenen Domänenadministratorrollen dürfen Benutzersicherheitsstufen erstellen und verwalten.

BENUTZERSICHERHEITSSTUFEN ERSTELLEN

Öffnen Sie die Seite „Datensätze“ über das Hauptmenü oben auf dem Bildschirm.

  1. Klicken Sie im linken Untermenü auf „Benutzersicherheitsstufen“.
  2. Wählen Sie die Option Neue Ebene hinzufügen

Image Added

Über das Dialogfenster Benutzersicherheitsstufe hinzufügen können Benutzer eine Sicherheitsstufe definieren, die ausgewählten Datensätzen zugewiesen werden kann. Folgende Parameter stehen zur Verfügung:Name der Sicherheitsstufe

  • Name der Sicherheitsstufe
  • Trennzeichen, das in der Abfrage verwendet wird
  • Abfragecode für die Datenfilterung
  • Angewendete Spalten, auf die die Sicherheitsstufen angewendet werden (mehrere Spalten können hinzugefügt werden)

ABFRAGECODE DEFINIEREN

Die Abfrage verwendet ein SQL-ähnliches Format, das als Filter auf die ausgewählten Spalten angewendet wird. Die Abfrage muss die folgenden Schritte anwenden:

  • Beginnen Sie mit AUSWÄHLEN

  • Auf den Hauptdatensatz wird über die Variable $mainDataset(ID) verwiesen, wobei ID die Datensatz-ID ist

  • Der Alias des Hauptdatensatzes ist PT

  • Der Hauptdatensatz muss im ersten Teil des Joins definiert werden

  • Auf andere Datensätze wird über die Variable $dataset(ID) verwiesen, wobei ID die Datensatz-ID ist

  • Für die Definition sind nur Datensatzattribute erlaubt

  • Variablen können angewendet werden

Image Added

BEISPIEL FÜR ABFRAGECODE

Note

Only users with Domain administrator roles assigned are allowed to create and manage user security levels.

CREATING USER SECURITY LEVELS

Open the Data sets page from main menu on the top of the screen.

  1. Click "User Security Levels" in the left submenu
  2. Select the option Add new level

Image Removed

The dialogue window Add user security level allow users define a security level that can be assigned to selected data sets. The following parameters are available:

  • Name of the security level
  • Delimiter that will be used in the query
  • Query code for the data filtering
  • Applied columns to which the security levels will be applied to (multiple columns can be added)

DEFINING QUERY CODE

The query is using SQL-like format that will be applied to the selected columns as a filter. The query must apply the following steps:

  • Start with SELECT
  • Main data set is referenced via variable $mainDataset(ID) where ID is the data set ID
  • Main data set alias is PT
  • Main data set needs to be defined in the first part of join
  • Other data sets are referenced via variable $dataset(ID) where ID is the data set ID
  • Only data set attributes are allowed for the definition
  • Variables can be applied

Image Removed

QUERY CODE EXAMPLE

Code Block
languagesql
SELECT PT.L_COMPANY, PT.L_LEDGER, PT.L_FIELD from $mainDataset(210) PT JOIN $dataset(208) JD1 ON (PT.L_COMPANY= JD1.L_COMPANY AND PT.L_LEDGER=JD1.L_LEDGER AND PT.L_FIELD=JD1.L_FIELD)
JOIN $dataset(209) JD2 ON (PT.L_CODE = JD2.L_CODE AND JD1.L_SHARED_CD = JD2.L_SHARED_CD) where ((JD1.L_USER = '$user(username)') AND (PT.L_COMPANY like '$@reportVariable1'))

VARIABLES

The following variables are available:

  • $user(XXX) - will return user profile information
    • XXX = username, name, surname, phone, phone2. email, address, office, position, active, locale, timeZone, chartType
  • $date(now) - will return the current date
  • $@reportVariable - will apply value of the report variable
user variablesreport variables

Image Removed

Image Removed

UNION

In case multiple selects are required, use key UNION to join them.

APPLYING SECURITY LEVELS

Once a user security level is specified, it can be assigned to a data set. In order to do that, open data set detail and follow the below steps:

  1. Select the sub-menu option User security levels
  2. Select the option Enable user security level to enable data set filtering based on the user security level
  3. Select option Add existing level to apply an existing user security level to the data set 
    • Image Removed
  4. Select the required security level and click add

Image Removed

Applied user security levels are displayed on the user security level screen:

Image Removed

New levels can be added by using the option Add existing level. Selected user security levels can be unassigned by using X button.

Sv translation
languagecs

User security level enables creating advanced data level access definition. The definition is based on the specified filter which is applied to the selected data sets

Note

Only users with Domain administrator roles assigned are allowed to create and manage user security levels.

CREATING USER SECURITY LEVELS

Open the Data sets page from main menu on the top of the screen.

  1. Click "User Security Levels" in the left submenu
  2. Select the option Add new level

Image Removed

The dialogue window Add user security level allow users define a security level that can be assigned to selected data sets. The following parameters are available:

  • Name of the security level
  • Delimiter that will be used in the query
  • Query code for the data filtering
  • Applied columns to which the security levels will be applied to (multiple columns can be added)

DEFINING QUERY CODE

The query is using SQL-like format that will be applied to the selected columns as a filter. The query must apply the following steps:

  • Start with SELECT
  • Main data set is referenced via variable $mainDataset(ID) where ID is the data set ID
  • Main data set alias is PT
  • Main data set needs to be defined in the first part of join
  • Other data sets are referenced via variable $dataset(ID) where ID is the data set ID
  • Only data set attributes are allowed for the definition
  • Variables can be applied

Image Removed

QUERY CODE EXAMPLE

Code Block
languagesql
SELECT PT.L_COMPANY, PT.L_LEDGER, PT.L_FIELD from $mainDataset(210) PT JOIN $dataset(208) JD1 ON (PT.L_COMPANY= JD1.L_COMPANY AND PT.L_LEDGER=JD1.L_LEDGER AND PT.L_FIELD=JD1.L_FIELD)
JOIN $dataset(209) JD2 ON (PT.L_CODE = JD2.L_CODE AND JD1.L_SHARED_CD = JD2.L_SHARED_CD) where ((JD1.L_USER = '$user(username)') AND (PT.L_COMPANY like '$@reportVariable1'))

VARIABLES

The following variables are available:

  • $user(XXX) - will return user profile information
    • XXX = username, name, surname, phone, phone2. email, address, office, position, active, locale, timeZone, chartType
  • $date(now) - will return the current date
  • $@reportVariable - will apply value of the report variable
user variablesreport variables

Image Removed

Image Removed

UNION

In case multiple selects are required, use key UNION to join them.

APPLYING SECURITY LEVELS

Once a user security level is specified, it can be assigned to a data set. In order to do that, open data set detail and follow the below steps:

  1. Select the sub-menu option User security levels
  2. Select the option Enable user security level to enable data set filtering based on the user security level
  3. Select option Add existing level to apply an existing user security level to the data set 
    • Image Removed
  4. Select the required security level and click add

Image Removed

Applied user security levels are displayed on the user security level screen:

Image Removed

New levels can be added by using the option Add existing level. Selected user security levels can be unassigned by using X button.

Sv translation
languagezh

User security level enables creating advanced data level access definition. The definition is based on the specified filter which is applied to the selected data sets

Note

Only users with Domain administrator roles assigned are allowed to create and manage user security levels.

CREATING USER SECURITY LEVELS

Open the Data sets page from main menu on the top of the screen.

  1. Click "User Security Levels" in the left submenu
  2. Select the option Add new level

Image Removed

The dialogue window Add user security level allow users define a security level that can be assigned to selected data sets. The following parameters are available:

  • Name of the security level
  • Delimiter that will be used in the query
  • Query code for the data filtering
  • Applied columns to which the security levels will be applied to (multiple columns can be added)

DEFINING QUERY CODE

The query is using SQL-like format that will be applied to the selected columns as a filter. The query must apply the following steps:

  • Start with SELECT
  • Main data set is referenced via variable $mainDataset(ID) where ID is the data set ID
  • Main data set alias is PT
  • Main data set needs to be defined in the first part of join
  • Other data sets are referenced via variable $dataset(ID) where ID is the data set ID
  • Only data set attributes are allowed for the definition
  • Variables can be applied

Image Removed

QUERY CODE EXAMPLE

Code Block
languagesql
SELECT PT.L_COMPANY, PT.L_LEDGER, PT.L_FIELD from $mainDataset(210) PT JOIN $dataset(208) JD1 ON (PT.L_COMPANY= JD1.L_COMPANY AND PT.L_LEDGER=JD1.L_LEDGER AND PT.L_FIELD=JD1.L_FIELD)
JOIN $dataset(209) JD2 ON (PT.L_CODE = JD2.L_CODE AND JD1.L_SHARED_CD = JD2.L_SHARED_CD) where ((JD1.L_USER = '$user(username)') AND (PT.L_COMPANY like '$@reportVariable1'))

VARIABLES

VARIABLEN

Folgende Variablen stehen zur VerfügungThe following variables are available:

  • $user(XXX) - will return user profile informationgibt Benutzerprofilinformationen zurück
    • XXX = username, name, surname, phone, phone2. email, address, office, position, active, locale, timeZone, chartType
  • $date(now) - will return the current dategibt das aktuelle Datum zurück
  • $@reportVariable - will apply value of the report variablewendet den Wert der Berichtsvariablen an


BenutzervariablenBerichtsvariablenuser variablesreport variables

UNION


In case multiple selects are required, use key UNION to join themFalls mehrere Auswahlen erforderlich sind, verwenden Sie die Taste UNION, um sie zu verbinden.

APPLYING SECURITY LEVELS

Once a user security level is specified, it can be assigned to a data set. In order to do that, open data set detail and follow the below steps:

  1. Select the sub-menu option User security levels
  2. Select the option Enable user security level to enable data set filtering based on the user security level
  3. Select option Add existing level to apply an existing user security level to the data set 
    • Image Removed
  4. Select the required security level and click add

Image Removed

Applied user security levels are displayed on the user security level screen:

Image Removed

Sobald eine Benutzersicherheitsstufe angegeben ist, kann sie einem Datensatz zugewiesen werden. Öffnen Sie dazu das Datensatzdetail und führen Sie die folgenden Schritte aus:

  1. Wählen Sie die Untermenüoption Benutzersicherheitsstufen
  2. Wählen Sie die Option benutzersicherheitsstufe aktivieren, um die Datensatzfilterung basierend auf der Benutzersicherheitsstufe zu aktivieren
  3. Wählen Sie die Option vorhandene Ebene hinzufügen, um eine vorhandene Benutzersicherheitsebene auf den Datensatz anzuwenden
    • Image Added
  4. Wählen Sie die erforderliche Sicherheitsstufe aus und klicken Sie auf Hinzufügen

Image Added

Angewandte Benutzersicherheitsstufen werden auf dem Bildschirm Benutzersicherheitsstufe angezeigt:

Image Added

Neue Ebenen können mit der Option Vorhandene Ebene hinzufügen hinzugefügt werden. Die Zuweisung ausgewählter Benutzersicherheitsstufen kann mit der X-Taste aufgehoben werdenNew levels can be added by using the option Add existing level. Selected user security levels can be unassigned by using X button.