Member-level security

Member-level security enables report designers to limit user access to the specific members of dimensions in business/report cubes or of groups in business views.

The relationship between a user/role/group and the members of a dimension/group are classified into these groups:

• Allowed Set
  The members of a dimension/group visible to a user/role/group, which are directly specified in the user/role/group, excluding those inherited from the parent roles or groups.
• Denied Set
  The members of a dimension/group invisible to a user/role/group, which are directly specified in the user/role/group, excluding those inherited from the parent roles or groups.
• Unspecified members
  The members of a dimension/group that are not specified in a user's allowed/denied Set or in the inherited allowed/denied set from the user's parent roles/groups. The option is available to users only.

A user/role/group can have its own allowed/denied set and inherit the allowed/denied sets from its parent roles or groups. The parent allowed/denied sets will be calculated first and it is a recursive process.

See also Member-level security in the JReport Designer User's Guide for more about member-level security and how to set up the policy in JReport Designer.