We have a challenge prototyping a particular Filter condition in the Viewpoint Workload Management portlet.
In a nutshell, we have a development user id that has access to a number of databases on our development system. For two of these databases (the one contains the base tables, the other is the corresponding view layer), we want to prevent the user from joining these two databases to the remainder of the databases that they have read access to.
The reason for this is that we have a challenge convincing certain parties of the importance of having a single data integration layer with dependant data marts, including the need to design tables to be joinable in the most efficient manner possible. The developers have indicated that these two databases will always be stand-alone, and that users will never be joining the tables/views contained in them to our existing integration layer.
To ensure that this will always be adhered to (to prevent performance impact), we want to enforce this via filters.
However, the problem is that the logic and conditions available via the workload filters do not seem to be providing the expected results. I have tried a variety of combinations of options without success. Is there possibly a bug with the boolean logic, or is my understanding of the "AND" conditions incorrect?
There are also varying results depending on whether you are accessing via views, or accessing tables directly in query join condition.
Where could I get more detailed information/manual on filter conditions?
Aspects I have tried including in the filter classification criteria (in varying combinations):
Request Source : User Name
Target : DatabaseName (with * inclusion and optionally specific exclusion) (I tried with, or, without the JOIN TYPE<all joins> at database level)
Target: *(all) TableNames (covering the database with tables not to be joined <OR (via another filter)> Target: *(all) ViewNames (covering the database with views not to be joined)
Query Characteristics : JOIN TYPE<All Joins> (I tried with and without this filter-level criteria)
Teradata Viewpoint 15.10.00.04-b71
*** Teradata Database Release is 14.10.06.02
*** Teradata Database Version is 14.10.06.03
I have nearly exact same issue currently.
This appears to be a bug, as it behaves differently for when a user is logged in, then the rule is applied, however when the user logs out attempts to log back in it actuall disallows the login, when i am only filtering access to a view.
When I have 2 filters, or a single filter with 2 entires in the exclude condition like (Viewname = ABC* , viewname = DEF*) where only want a user to have access to views named like ABC* or DEF*, this breaks. If I define the filter as only 1 condition Viewname = ABC*, it works correctly, but adding the secondary condition (which functions logically as an OR) it doesn't apply the logic correctly.
Even stranger , after creating the rule with 2 conditions, and then updating the rule to one condition, and re-activating the ruleset, things are broken still. I have to completely re-create the rule with 1 condtion for the filter to (work as expected) I will be opening and incident and refering this post, as it looks very much like a bug, or some other wrong application of the logic.
Assuming you have 02 Databases DB_1, which contains all the Tables & DB_2 containing all the Views. You wish to forbid any joining operation between any database with either DB_1 or DB_2. You wish to apply a Filter Logic to achieve the same. Assuming we have captured your requirement correctly, then we can have achieve the above condition via a Filter "Filter_1" defined as:
Target: Include: (Databases: DB_1, DB_2)
Query Characteristics: Any Join
If you logged in via any DBS User not being bypassed by the Filter, we receive the following conditions while attempting to join any Table of say, DB_1 with any other database: SELECT Failed. 3149: TDWM Filter violation for Query Request: For Rule Name 'Filter_1'
Kindly review the same & confirm whether your issue is resolved.