Categories
- All Categories
- 124 Oracle Analytics News
- 22 Oracle Analytics Videos
- 14.5K Oracle Analytics Forums
- 5.5K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 47 Oracle Analytics Trainings
- 7 Oracle Analytics Data Visualizations Challenge
- 4 Oracle Analytics Career
- 8 Oracle Analytics Industry
- Find Partners
- For Partners
Need to create one user that can have only access to OTBI.
I need to create one user that have access to OBTI only and will be able to create analysis for Project related subject area i.e. for Project Costing and Project Billing.
Answers
-
Here is a solution.
For a subject area go to your user guide to get the list of job roles
Oracle Fusion Cloud Project Management
Subject Areas for Transactional Business Intelligence in Project Management
F77994-01
23B
https://docs.oracle.com/en/cloud/saas/project-management/23b/faopm/index.html#COPYRIGHT_0000
for example
Project Costing - Actual Costs Real Time
- Grants Accountant
- Grants Administrator
- Grants Department Administrator
- Principal Investigator
- Project Accountant
- Project Administrator
- Project Manager
Create a copy of one of the job roles for example "Custom Project Role Read Only" as a copy of "Project Accountant". Edit that custom role. Keep all the data security policies. Remove all function policies so you can no longer "do" transactions (insert,update,delete). Remove all inhreitedd roles except keep the transaction analysis duty roles that give access to the subject areas you need. So in this case keep Project Costing Transaction Analysis Duty.
You can add in data security policies and grant transaction analysis duty roles from other job roles as required for other subject areas you need in scope of this custom role to expand it out from whaterver subject areas you get with the role you copied at the start. You now have a read only role than can "view" but not "do".
0 -
Tried this approach but when I am trying to fetch data like for project name it is errored out.
0 -
Hi, That is not an error. That is a successful query returning zero rows. This is the expected result if you do not have any data access. If you go to manage sessions to view the log you will see the where clause that was added at runtime to prevent you seeing any data becasue you have not granted any data access.
Roles do not give data access in ERP. The tranasction analyiss duty roles you granted just stop you getting an actual database connection error in this scenario instead of no data found when you query the metadata repository database using a subject area. To view data you need to grant this user data access using one of the data security policies in the custom role you have granted. That is why we did not delete them when you copied the original role. Select Navigator, select Show More, in My Enterprise select work area Setup and Maintenance. Select task Manage Data Access For Users. Now grant this user with this custom role data access using a security context such as a busniess unit. Repeat your test. You will now get data returned instead of no data found.
0 -
Hi @Nathan CCC - I'm trying to set up the exact same OTBI reporting only role (initially for Project Commitments Real Time, but will be expanding to other subject areas) and have attempted to follow these steps, however was unable to "remove all inherited roles except keep the transaction analysis duty roles that give access to the subject areas you need" (as per your advice above) as I received a Warning "you can remove only roles inherited by the current role". Is there any additional assistance you can provide? Thanks so much.
0 -
Hi Fiona, Think of it a bit like pruning a tree. You can only cut the branches at the trunk. Not any branches or leaves any higher up. But if you cut it at the bottom you remove all the branches higher up. The way I make sure of that is to use the filters in Query By Example. For example, if you copy "Project Manager" as "XX Project Manager Read Only" then enter "XX Project Manager Read Only" in "Inherited by Role Name" then Delete
0 -
Thanks @Nathan CCC I really appreciate your response. We are trying to create a reporting only role for Projects (with no UI access), so were hoping to only include OTBI relevant transaction analysis duty roles potentially removing ones like these:
Is it possible to get a solution with just assigning the transactional analysis duty roles together with the data access under e.g. Project Manager? I.E. Creating a brand new custom role from scratch?
0 -
Hi Fiona, Yes that is exactly what we did. That custom "XX Project Manager Read Only" role in the screen shot is a real role we have live in production. It only has the transaction analysis duty roles for the subject areas we use in OTBI - all other roles and function privs removed - but the data security privs were retained. It is used by all the people in our business who want to view project info but are not in fact project managers so must not be able to "do" stuff like create/update/delete transactions. All they can do is view the data on the analyses on the dashboards from the projects subject areas. Data security is done by the business unit policy.
0 -
This is exactly what we want this role to do @Nathan CCC but to be honest we're not getting it to work as you've outlined. Would it be possible for me to arrange a quick call with you to discuss (I'm sorry I'm new to this community so apologies if this isn't allowed)?
0
