Paul Hickford 2 Posted July 4 Share Posted July 4 Hi all, I'm looking for some documentation about how to show/hide tabs for user groups. I am in the process of building a dashboard which will be accessed by users using the analyst client (currently version 12). I have setup row level security by including filters into the information link using the %1 in (%CURRENT_GROUPS%) statement in a filter. This works perfectly, but has the consequence that some of the visualizations built on the full dataset (intended for a subset of users) don't show anything meaningful to the users in the limited groups. Ideally I'd like to keep one version of the dashboard for all users to keep the maintenance as simple as possible, but would like to be able to show/hide some tabs for some of the user groups. My intention is to keep my current landing page and all tabs visible for one set of users but have a simplified landing page and a subset of the tabs visible to some users as defined by group membership. I've seen some posts like this one suggesting this can be done using Iron Python scripts, but the details in the post aren't clear for me to follow. Any guidance or documentation to do this would be much appreciated. Link to comment Share on other sites More sharing options...
David Boot-Olazabal Posted July 5 Share Posted July 5 Hi Paul, I have done this once for a customer, before we were able to hide pages. It basically removed the page for restricted users. And since these user groups couldn't save the analysis file, it worked fine. I should have that somewhere (will post it if I find it). When I find it, I'll also see if I can make the pages hidden for these user groups in stead of removing them on runtime. That is still a bit more secure... Kind regards, David Link to comment Share on other sites More sharing options...
Olivier Keugue Tadaa Posted July 5 Share Posted July 5 (edited) Hi Paul I confirm that this is possible with an IronPython script that will be executed when a user opens a report (how to trigger a script can be discussed later) Basically , this is what you need A rudimentary role-based access control that can be implemented with a data table with two columns (user-name, tab) providing the information on who can access what. That information can be stored on a database and retrieved using the same principle that you described for the row-level security with %CURRENT_USER%. You can implement a more complex solution depending on your needs an IronPython script that reads from this data table and hides all the tabs except the one that the user can access (you might probably need some knowledge of our client API and Python language but I believe there are some available code snippets) A trigger to run that script when a user opens the dashboard (the datetime data function I suggest for this step is explained here ) This solution has been implemented by some of our customers and works on both the Web Player and the Analyst Client I hope this helps Edited July 5 by Olivier Keugue Tadaa Link to comment Share on other sites More sharing options...
David Boot-Olazabal Posted July 5 Share Posted July 5 Hi Paul, I've found my example dxp file. Not sure what version you're on, but I made it work for Spotfire 14.4. The main idea is as Olivier explained. I have a dataset and I'm using a special info link to pick the user group which I need to restrict. Based on the outcome of the info link data, I'm able to hide a page for those restricted users. The script also offers the initial option to remove the page (I made it inactive though), but hiding the page feels a bit better to me. As I'm using 3 scripts in total, and I also have 3 document properties that interact with them: The sysdate and UserGroup properties are filled by a data function. The sysdate isjust the system date of opening the file and the UserGroup comes from the information link. If you have only one group that needs to be restricted, you can set the value hardcoded in the data function (it currently is an expression). Let me know if you can open this analysis file or that you need it in a different version to see how it works. Kind regards, David Dashboard with Restricted Tab example.dxp 1 Link to comment Share on other sites More sharing options...
Paul Hickford 2 Posted July 9 Author Share Posted July 9 Thanks for your help, I'm having another look at this today so these files look useful. I have already created an information link that loads the users group membership by querying the Spotfire database and applying row filtering to show groups based on the %CURRENT_USER%. Hopefully I can use this as a check to show/hide the relevant tabs based on groups so that I have a single point of administration. Link to comment Share on other sites More sharing options...
Paul Hickford 2 Posted July 9 Author Share Posted July 9 Our prod system is on v12 for the moment, so I wasn't able to open your file but I think I managed to get enough information from suggestions here and this youtube video. Essentially I created a view based on this that I exposed via an information link filtered to the %CURRENT_USER% select users.user_name, groups.group_name from group_members_view join users on group_members_view.member_user_id=users.user_id join groups on group_members_view.group_id = groups.group_id This give a table called UserGroups with a row per group the user is in. I pivotted this to give a single row, with a concatenation of the groups. Eg: USER_NAME GROUP_LIST username1 Site1, TeamA, Everyone Then this IronPython script: from Spotfire.Dxp.Data import * #Read user name or user group username = "" groupname="" table=Document.Data.Tables["UserGroups"] cursor1 = DataValueCursor.CreateFormatted(table.Columns['USER_NAME']) cursor2 = DataValueCursor.CreateFormatted(table.Columns['GROUP_LIST']) for row in table.GetRows(cursor1,cursor2): username = cursor1.CurrentValue groupname = (cursor2.CurrentValue) #Create list of pages as per the username or group #Any other logic to select page will go in this part visiblePageList = [] if "Global" in groupname: visiblePageList = ["Landing Page","Site1","Site2"] elif "Site1" in groupname: visiblePageList = ["Site Landing Page","Site1"] elif "Site2" in groupname: visiblePageList = ["Site Landing Page","Site2"] else: visiblePageList = ["Error"] #Show or hide the page based on the visibilityPageList for page in Document.Pages: print(page.Title) if page.Title in visiblePageList: page.Visible=True else: Document.Pages.Remove(page) # page.Visible=False This version as I have it configured actually deletes the unneeded tabs, but by swapping the comments from the last two lines it can hide them instead. I already have a document property that uses the current date time to calculate some forward and backward looking dates into Document properties, so it was easy to make the script run on document load, One limitation/issue I'm aware of is that the group checks are done in order and as soon as one is satisfied the check ends, so if a user was in the Site1 and Site2 groups they would only see tabs for Site1. In my case this shouldn't be an issue as people are either in the Global group or one of the local groups, but this may need refining. Also needs some care to ensure the group names do not allow accidental matches, eg Site1 could also match Site11, Site12 etc, but this isn't an issue for me. Link to comment Share on other sites More sharing options...
David Boot-Olazabal Posted July 9 Share Posted July 9 Hi Paul, I have converted my 14.4 dxp file to a 12.0 LTS dxp file. That should give you the possibility to open the dxp file and do a cross-check on the code. Kind regards, David Dashboard with Restricted Tab example.dxp Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now