Categories
How to disable users from printing and exporting analysis and dashboards in OAS
Summary:
How to disable users from printing and exporting analysis and dashboards in OAS
Content (required):
How to disable users from printing and exporting analysis and dashboards in OAS
Version (include the version you are using, if applicable):
6.4
Code Snippet (add any code snippets that support your topic, if applicable):
Answers
-
Hi Sunil,
Not sure if OAS has this option , but in OAC Classic there is the option in Admin-> Manage privileges
0 -
Hi Jahnavi, thanks for quick response. In OAS we have given user BI-Consumer Access and this BI-Consumer is an Application role. Any idea how to edit this default application role so that we can remove "Access to Export"
Regards,
Sunil
0 -
Do what Jahnavi said: go in Admin -> Manage privileges and change the privileges for the "Access to Export" privilege.
You don't map privileges to app roles, you add app roles to privileges. (And if you aren't familiar with that page, stay away from "deny", you will understand why if you don't...)
Just keep in mind that it's impossible to really disable these things: if the data is on screen, it's gone already. You can remove all the settings you want, if a user can see it on screen he will be able to print it out, take a picture or anything like that. Sometime the ideal perception of perfect security make you waste time in pointless things...
0 -
Hi Sunil,
Default Application roles can not be edited .You can create Custom Application roles by inherit any Prebuilt application roles based on your requirement.
0 -
Default application roles can be edited, you can edit everything and even drop them fully (OP talks about OAS, full access to EM and app roles management and app policies management). This is just not the point, OP doesn't really want to edit an application role but want to change default privileges grantees.
0 -
Hi Sunil,
2 option here.
- If you want to restrict the access for BI Consumer then under Admin-> Manage privileges you can Denied it. but it will disable for all the user who belong to BI Consumer.
- You can create new custom Application role by inheriting BI Consumer Application role. assign respective users whom you want to restrict the access. Come to Admin-> Manage privileges then search for newly created custom role and denied the access.
0 -
Just saying (again), think twice before using "denied" in the privileges.
"denied" is stronger than any "granted", by inheritance you can disable things to everybody just by adding a "denied" on BI Consumer.
"denied" should be used very carefully in the privileges page. Remove the grant to BI Consumer instead of denying it. It has a very different behavior and it's easier to control side effect (because you can grant that privilege to another app role and you don't lose the functionality for every single user including admins).
Security in OAS (OAC) is something you should always think carefully, keeping in mind inheritance and the priority in rules with, in the privilege case, "denied" being stronger than any "granted".
0 -
I am agree with you . 'Denied' is not always recommended but the second option which i mention Cant work? if we need some set of users whom i restrict the access rather than generic BI Consumer Users.
0 -
Based on the thread, I'm assuming all Analysis and Dashboards are in the Classic OBIEE view. If that is the case you can set the export property at the dashboard/analysis level.
When working in the Data Visualization side of OAC, I haven't found a simple way to limit exports of the canvases.
0 -
But with this option it will restrict access for all users. But lets say if we have to restrict the export option for some set of users.
0
