Row Level Security in CR Server

Friday 28 January 2011 @ 12:07 pm

A customer recently asked me about setting up row-level security in CR Server.  Row-level security is when reports are automatically restricted to the data that the user is allowed to see (based on their user ID).  I had assumed that this required the full BO Enterprise or else one of the third-party tools that supports this feature.

I was pleasantly surprised that there is a way to accomplish this using CR server.  It involves using the Crystal function CurrentCEUserID or the function CurrentCEUserName.  It also requires that you set up a table that maps each user to the locations or departments that they are allowed to see in their reports.  You link this table’s location or department field to the corresponding field in your report, using an inner join.  Then you add a rule to the selection formula that says something like this:

CurrentCEUserID = {MappingTable.UserID}

With this rule the report will be able to return only the records from locations or departments that are mapped to the current user.  If the user doesn’t have his ID mapped to that specific location or department, then those records won’t be in the report.  This doesn’t prevent the user from selecting that location or department.  Even if you use a dynamic parameter you will find that the selection formula doesn’t apply to the query used to provide the list of values for that parameter.    To filter a dynamic parameter you would need to be using SAP business views as your data source.  These filter the data before it gets to the report.  So the method described above will let the user select any department in the parameter list.  But if he isn’t mapped to it he will get a blank report.

Of course, my longstanding concern with CR Server is that it seems expensive relative to the features it provides.  Using third party scheduling tools you can get scheduling and Email functions for less than $50, Email bursting functions for under $400.  And there are third party web portals that are in the same price range but that do not limit the number of named users you can create.  So make sure you know all of your options before you commit to a purchase.

And if you want someone knowledgeable to help you find the right tool for your deployment, I can help.

Leave a Reply

Recrystallize Pro

Crystal Reports Server