Person Records Secured By AOR Does Not Restrict Data Reflected In OTBI Reports
Summary:
Hello Everyone !
I am trying to secure the data returned by HR_ANALYST job role by using an AOR with a scope of Department. Although, it works fine in the HCM UI i.e.(Person Management) but when the same user accesses OTBI and choose any subject areas and creates an Analysis i.e.(Report), He gets all the data in the system irrespective of the security profiles assigned. How can we restrict his access in OTBI reports ?
Note - The user only has 2 roles, I.e. Employee Abstract role with view all access and HR Analyst data role with Person Security Profile where AOR is enabled with Department Scope.
Version (include the version you are using, if applicable):
21 D
Answers
-
Hi All,
This issue is now resolved. Incase anyone is facing the same, Kindly check the person security profile of Employee role. It shouldn't have view all worker or people.
Conclusion : OTBI areas are secured based on the HCM security profiles defined. If anyone is unable to get the desired output in OTBI analysis (Reports), Kindly check PSP of all roles the user has.
BIP reports can be secured by joining to a secured list view in your select statements. Then, the data returned is determined by the security profiles that are assigned to the roles of the user who's running the report.
1 -
There is Person Security Profile for Person and Public Person. Which one of the two did you change and what did you change it to?
0 -
Hi @Maruvada Sanat Kumar-Oracle
I'm trying to achieve the same data restriction in an OTBI report based on the security profile that's being applied. I attempted to select the correct security profile and also changed the employees' security profile, but the OTBI report is still displaying all the data.
Can you please help with this?
Thank you
Vikas
0 -
Hi @Vikas V. Kamat ,
You may follow the below steps to identify the cause in your case:
- In case, of any data access mismatch between functional screens and otbi reports, Kindly check all the data roles of the logged in user to identify the role that’s causing the issue.
2. Check the relevant Data security Policies in all data roles assigned to user
3. When building a custom version of the seeded role, data role shouldn't be associated to the seeded role else, it will inherit the policies and cause a security breach
0 -
Hi @Maruvada Sanat Kumar-Oracle
1. The data that we restricted based on the legal employer is displaying correctly on the UI screen, but in the OTBI report, all legal employer data is showing.
2. The data security policies are correct, and the condition selected as the security profile is perfect.
3. We have created the data role in the same job role (for example, the ABC Job role). We go to Manage data role and security profile, search for the ABC Job role, click on edit, and set the security profile.
Please confirm if everything is correct. Thank you for your assistance.Thank you
Vikas
0