nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

BIP Security - Need to restrict user from modify and deleting the reports only in Shared Folder

Naresh Reddy

Hello All

We would like to restrict the users from creating, deleting and modifying the report from shared folders. I was able to do it but the issue is users are not able to create/modify/delete reports in "My Folders" folder.

Can someone please help me with requirement where user should be able to create/modify/delete the reports in "My Folders" folder but should not have any create/modify/delete access in Shared Folders. They should be able to only run and schedule the reports available in Shared Folders.

Thanks in advance.

Please help.

Find more posts tagged with

BI Publisher

BI Publisher Data Models

Comments

Shantaram-Oracle

"My Folders" is a user specific sort of personal folder. Items that you save to My Folders appear only to you when you expand the folder. Items that other users save to My Folders appear only to them.

Items that you save to Shared Folders can be viewed by all logged-on users with BI Consumer privileges. If you have BI Consumer privileges, you can also view the items that other users have saved in Shared Folders. Of course, the access on the shared folders can be restricted according to the requirements. Are you saying if the user saves a report to My folder, he/she is not able to delete or modify it?

Gianni Ceresa

You shouldn't mix features permissions and catalog permissions. Removing your users the ability to create BIP reports will apply everywhere, you removed the feature for them.

Yours is just a catalog permission thing. The system comes with a default security model (a number of application roles with inheritance, and default security permission on the root /shared folder controlling what can be done there inside). Design and implement your security accordingly to not your users create, modify, delete content from /shared, while letting them traverse and open reports in there.

The default out of the box security model is extremely simple and not adapted for a real enterprise implementation. Generally you need to split the control on features and catalog permissions to have control of everything at any level. But it's something you have to design and implement yourself (or your quick fix for this one will give you other issues somewhere else depending on who and how uses your analytical platform).

ErickRecio-Oracle

On Fusion CX Sales, to change the permissions at folder level you can connect as the user who you have designated as the BI Administrator onto BI Analytics then select Catalog, select the root folder that you want to change. Under the right window, select "More" and on the context menu select Permissions, then change the permissions accordingly.

You can set permissions for CX Roles individually. The simplest case for your question would be to set BI Administrator as the Owner, then BI Consumers to Read Only. In the case of Fusion CX Sales you could easily select Sales Representative user roles as well and change the permissions accordingly.

In the following picture I created a shared folder called Sample, then I'm changing the permissions as needed.

Notice I am applying the permissions to sub-folders and items within the folder, including Analysis and Reports

As a result only BI Administrators would be able to change the report. Other users like Sales Representative roles and Sales Analysts won't be able to take ownership of the items within that folder, nor will they be able to modify the report in any way. Notice you are changing the permissions at folder level, and not the privileges to the users, so the My Folders are not affected. Also notice that I'm not granting permissions to BI Author role at this point, so I'm making sure that only the Administrator has access to modify, replace or do anything else with the content within the folder.

Tip: To add a role to the list click on the + sign. If you sear use a * as the wild character. To remove a role select it and click on the X.

As a BI Administrator you can get finer grained to each of the items within the folder, and add or remove permissions as well from the catalog. Those permissions will be valid for BI Publisher as well.

Please try it and get together with your security and functional teams to validate the correct combination of shared folders and content permissions.