Thursday, September 5, 2013

Sending OBIEE content to non-OBIEE users through agents

I often get to hear the following question concerning OBIEE agents:

"Why can't we send out personalized content (filtered data / row-level security) to non-OBIEE users by simply using their email address residing in the data?"


Killer answer: Security!

Think about it: If you use "Get Recipients from the Analysis used in the Agent Condition", it will actually perform a complete login with authentication + authorization through the security realm and only the fetch the data.

Now imagine that you bypass this "because it's so convenient to just have the email in the data". And now imagine me doing this:

update MYTABLE set EMAIL = 'uber.h4xx0r@somenastyplace.thief';
commit;


I think this should be answer enough as to why you do NOT want to be able to do this.
At all.

No comments:

Post a Comment