Applies to: Kyvos Reporting

Kyvos Reporting provides robust data security by allowing administrators to restrict users' access to data using data restriction parameters. Users can view only the data they are authorized to see, based on values configured at the organization and user levels.

This document explains how to configure data restriction in Kyvos Reporting using parameters and how it applies to both Query Objects and Analytical Objects.

What is Data Restriction?

Data Restriction in Kyvos Reporting ensures that:

• Users can only select parameter values assigned to them.

• Reports and dashboards display data based on those restricted values.

When running a report with user parameters, users must choose from the restricted set of values. This helps maintain row-level security across the platform.

Example Scenario: Query Object-Based Data Restriction

Business Use Case

You have:

• Two floor managers, each responsible for a different set of sales representatives.

• A store manager who oversees both teams.

Objective:
Allow each floor manager to view only their team's sales data, while the store manager can view data for all representatives.

Step 1: Create a Data Restriction Parameter

1. Go to Navigate > Repository > Report Objects > Parameter
   or
   Navigate > Design > Parameter Object.

2. Create a parameter, for example: prm_REP_name.

3. Select the Data Restriction checkbox.

4. Save the parameter.

Open

Step 2: Apply Restriction at the Organization Level

1. Go to Navigate > Administration > Manage Users > Organization.

2. Select the organization and click Modify.

3. Open the Data Restriction tab.

4. For prm_REP_name, select Restrict To Values and assign representative names.

5. Optionally, add Additional Values.

6. Click Save.

Open

Step 3: Apply Restriction at the User Level

1. Go to Navigate > Administration > Manage Users > User/Role.

2. Expand the organization and select the user (e.g., Floor Manager 1).

3. Click Data Restriction.

4. For prm_REP_name, assign the relevant representatives.

5. Click Save.

Open

Repeat for Floor Manager 2 and assign the appropriate values.

Open

For the Store Manager, assign values of all representatives.

Open

Step 4: Use the Parameter in a Query Object

Define prm_REP_name in a Query Object to fetch data based on assigned values.

Open

When users log in:

• Floor Manager 1 sees only their team’s representatives.

  Open

  

• Floor Manager 2 sees theirs.

  Open

  

• Store Manager sees the complete list.

  Open

  

Row-Level Security in High Speed View (OLAP Cubes)

Data restriction also applies to Analytical Objects used in High Speed View.

Business Use Case

• Employees can view insurance data for their assigned countries.

• A manager can view all countries’ data.

Step 1: Create a Data Restriction Parameter

1. Create a parameter: prm_Country.

2. Select the Data Restriction checkbox.

3. Save the parameter.

Open

Step 2: Apply Organization-Level Restriction

1. Go to Navigate > Administration > Manage Users > Organization.

2. Select and modify the organization.

3. Go to Data Restriction tab.

4. Assign country values for prm_Country.

5. Click Save.

Open

Step 3: Apply User-Level Restriction

1. Go to Navigate > Administration > Manage Users > User/Role.

2. Select a user (e.g., Employee 1) and click Data Restriction.

3. Assign country values for prm_Country.

4. Click Save.

Open

Repeat for Employee 2 and assign their respective countries.

For the Manager, assign both employees’ countries.

When running reports:

• Employee 1 sees only their assigned countries.

  Open

  

• Employee 2 sees theirs.

• Manager sees the full dataset.

Summary

Kyvos Reporting administrators can enforce row-level data security by:

• Defining Data Restriction parameters.

• Assigning values at the organization and user levels.

• Applying these parameters in Query Objects and Analytical Objects.

This ensures each user accesses only the data relevant to their role.