How do we create a role to view OTBI analysis for a user that doesnt have transactional access?

IIGC

Summary:

We have users that dont work with AR, but we want them to be able to open OTBI analysis made with AR subject areas. We tried creating a Financials role with the specific job role needed for the subject area but the user cant see the data on the analysis. We then tried to add the newly created role in the "mange data access for users" with security context "business unit". The user still cant view data on the analysis.

The user should not be able to open anything on the AR module, just the analysis

Content (required):

The subject area is: Receivables - Payment Schedules Real Time

The job role we are adding to the new role is:Accounts Receivable Manager

Version (include the version you are using, if applicable):

22A

Code Snippet (add any code snippets that support your topic, if applicable):

Nathan CCC

Yes for most job roles it is possible to copy it to a custom role then remove stuff to make it a "View but not Do" role. So you remove all the privileges that allow a user to do things like insert, update, delete transactions but leave behind the privileges that allow user to use the manage screens to view data and use the subject areas to view data in analytics and reports.

I would argue that if the user can view analytics then it is ok to also go to the application pages to view data in the work areas too like on the manage search screens as long as they cant actually do anything. The application is setup expecting this for example as a project billing specialist job role in the work areas in projects you can click a button to view the receivable transaction on a project invoice but read only - you cant edit anything.

Read your subject area guide to get the job roles and duty roles that can view this subject area. https://docs.oracle.com/en/cloud/saas/financials/22b/faofb/Receivables--Payment-Schedules-Real-Time-SA-32.html#Receivables__Payment_Schedules_Real_Time_SA_32_d1e9571

In this case

Job Roles

• Accounts Receivable Manager
• Accounts Receivable Manager Segregated Role
• Accounts Receivable Specialist
• Accounts Receivable Specialist Segregated Role
• Advanced Revenue Analyst
• Advanced Revenue Manager
• Billing Manager Segregated Role
• Billing Specialist Segregated Role
• Financial Analyst
• General Accountant
• General Accounting Manager

Duty Roles

• Receivables Transaction Analysis Duty
• Receivables to Ledger Reconciliation Transaction Analysis Duty

No pick a job role, maybe the one that is closest to being view only already, copy it, start removing any privileges not required to view data. You will need at least the transactional analysis duty roles. And whatever data security.

Regards data security you need to review each of the data security policies in the job role. One of these may or may not be a policy with a name such as "Grant on Business Unit" with data resource "Business Unit" with a privilege that allows you to configure data access using page "Manage Data Access for Users" with security context business unit to view data in receivables instalments. Alternative methods for data security exist in job roles not using bu.

Also remember you have a lag in time between granting a user a role and the bi analytics system finding out about it. So in analytics always check the user has a role from the perspective of the bi server by asking the user in analytics to select My Profile, select My Account, select Application Roles. Check you can find the role in this list that you know you granted to the user that you can see already in the application in work area Tools - Security Console, or work area Me - Roles and Delegations etc.

IIGC

Thank you, this worked great! We copied the role and removed most of the items and the user can now see the reports without having access to the transaction screens. (we had to use :manage data ccess for users" to provide access to the BU)

We are trying to use the same solution now with procurement (to se PO reports) but we are not having the same luck, we are mising data access permisions. We tried the same approach of looking at the data access needed for the original role (procurement managemen uses BU) but we cant get the user to see anything yet

Bhaskar Konar

Thanks for sharing. Appreciate your help.