Oracle Analytics Cloud and Server

Oracle Analytics Server - Catalog objects Security Concern

Summary:

For saved Data Connections and Data Sets, there does not seem to be a way to force users to enter their own credentials when looking to refresh the data.

Example

"Peter" has access to data "X". He creates a connection and "dataset 20" (Oracle DB based) using his own credentials.

The "dataset 20" is shared with his team's Application Role "Role1".

"Mary" (from the same Application Role) then goes and creates a project over this dataset, however she is now using Peter's credentials for the data refresh.

This would be a compliance and security issue for our users, and would lower the chances of business adoption.

Is there a method to force authentication for shared connections and associated datasets?

Version (include the version you are using, if applicable):

OAS 5.9


Answers

  • Anyone got any ideas for this?

    This will be causing issues for the "Self Service" adoption regarding the Visualizer Component.

  • I typically wouldn't leverage the independent data set approach for analysis if there are concerns on data level security.

    If you use an RPD based approach you can implement data level security using Session Variables...

    Here is a great A-Team article outlining the process: https://www.ateam-oracle.com/implementing-object-and-data-level-security-in-oracle-analytics-cloud-using-identity-cloud

  • Ciaran

    Thanks for responding Stewart.

    Agreed and understand on the RPD approach; however, my angle here is on the "Self Service" and Community Collaboration type efforts that the likes of analysts and research groups thrive on.

    Oracle's competitors have addressed this by forcing anyone who does not own the Data Source to re-enter credentials when looking to refresh.

    It actually reminds me of how in the old OBI Office Add-in, you could lock a worksheet's data, therefore forcing someone to reauthenticate.

    I really feel this lets the product down if not redressed.

    I cannot convince large numbers of our users that they can transfer their scenarios from Tableau or Power BI to OAS for this reason.

  • For some connection types we have the options 'Require users to enter their own credentials' and 'Use the active user’s credentials'. We don't have these options for the Oracle DB connections today.

    For your example (a connection to an Oracle database) do all of your users have a userID in the database? If so, does the userID (exactly) match the userID being used in OAC?