Hi, We have the folloiwng situation. Have a folder which contains reports for all products which internal user should can see. We wish to allow external users to see these reports but the data limited to only their products. Don't want to have separate copies of the reports. Can implement row-level security at universe layer such that if they refresh thereport, will only return data for their product. However, if external user just views existing reports in these folders then they see data for all products.
Suggestion so far has been to save documents empty/set to automatic refresh on open but does this not need rely on users ensuring document properties set this way.
Anybody a way of solving the above scenario in automatic way via rights/security etc.
The refresh on open setting is a property of the document rather than a security right so you would need the person creating the document to set this appropriately and purge the data before saving in a public location. This should be part of the dev->test->prod QA testing and part of the documented testing if this is what is required.
If we are talking about people creating Ad Hoc reports that they then make available for users then hopefully there is only a limited number of people who have access to write to the public folders so part of the training should include the checklist to ensure the data consistent and security before making their report public.
If you needed the internal users not to need to 'refresh on open' but the external users to 'refresh on open' then you would need two copies of the report. You could then keep then in different folders and set the rights on the folder so that external users can only see the external version of the report and vice versa (or something similar). This way you can have a scheduled report with all the product for internal users and a seperate 'refresh on open' version of the report for external users. Obviously you may be happy for the internal users to also 'refresh on open' in which case you'd only need one copy.
If keeping two copies of the reports is your only option then I recommend that you include this in your content planning and also ensure that it is consistent - i.e. the folder name used, or the name you use for the reports is always consistent no matter which part of the public folders the reports are in. This makes managing the content, and understanding what each report is, much simpler as time goes on (e.g. if the reports for external users are always in a folder called external and the internal ones in a folder called internal).
As you mentioned, the security for the data would be handled using row level security in the universe but the document must be created 'purged' and with the 'refresh on open' selected.