It is "as designed" and not considered a defect. The thing to keep in mind is that the admin user is typically the one doing the query [to be able to see information across multiple permission groups] for the flashboard (as defined at design time), not the user. Thus, since the admin can see all data, all the info is passed into the high level response that Flashboards use for display. As mentioned, the data itself is not available and is protected by row level security when users drill down.
It's kind of like if you wrote a program (as root) that listed the users on a UNIX system with the highest disk usage for everyone to see - you would be posting high level information about each user (e.g. disk usage), but the users themselves could not see the actual data that was taking up the space. -David J. Easter Sr. Product Manager, Service Management Business Unit BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Carey Matthew Black Sent: Tuesday, September 11, 2007 6:12 AM To: arslist@ARSLIST.ORG Subject: Re: Row level access with flashboards Jason, I think that what you are seeing is "as designed". I hold this position because you can control the permissions (at design time) to the Flashboard object. So the developer has to have some ability to expose or hide the data for the targeted users. I think the real difficulty is that statistical information (like Count, Max, Min, etc) might need to be done across all of the application level restrictions for management to really get the whole picture for the business. So I can see a good argument for allowing Flashboards to show such things. However, when the user goes to "drill down" into the data, then I would think it reasonable for the results to be limited to the portion that the individual user has access too. Example: Flashboard to show number of order that are 4 or more days old that are not yet "Sent to the customer". I would think that the President would have enough access to see all order from all departments. So when they drill down they see the whole picture. However a head of a department might only see the orders from their department when they drill down. I would also suspect that the Group By clauses would likely match (very well) to the logical restrictions that the application imposes too. So there likely would only be one "department breakdown" (er.. Group By element) that a given Department head could drill down on and get a non-zero list. However, I also think there is value in letting the Department heads see the counts for the other departments too. I do see how the design you were expecting could be useful too. I am just not sure how to achieve it short of making Flashboard a total "Run Time" calculation. ( Which it is not in the current design.) -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap.... Pick two. On 9/11/07, Jason Miller <[EMAIL PROTECTED]> wrote: > ** <snip> > I realize that I could update the FB's to query the user's group list > but my current mission is to see if I am seeing the as designed > behavior or is this a bug. This may be a good gotcha to know about when designing flashboards. > > > > Thanks again, > > Jason ________________________________________________________________________ _______ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
