Security for Multiple Data Sources
By Jeffrey Mcdaniel-Oracle on Jul 17, 2013
The default method of security for the P6 Reporting Database is row level security. With this security policies are applied to each logical level of security enforcement - project, resource, costs. Security is calculated out for each user with the Analytics module access. Security is written into STAR for each project this user has access to and if they do or do not have cost access, similar calculation based on resource access and written to a resource security table.
Since the introduction of the ability to have multiple data sources into the STAR data warehouse we needed to now be able to enforce security based on these qualifiers as well as data source id. If user Jeff has access to Project Philadelphia in DS1 that security will be written out and applied by the policies. If user Jeff also exists in DS2 and there is also a Project Philadelphia in DS2 but user Jeff does not have access then he will not have access through P6 Analytics\P6 Reporting Database either. The project id, and data source id would be different and when filtering user Jeff would not gain access to that project because it is already calculated out and the query would only apply to that data source. This type of security enforcement allows for separation of data sources based on security but also allows for the aggregate abilities of multiple data sources if the user did have access to projects or resources in both data sources. In the end with access to both you can show a unified view of the enterprise wide data for all data sources.