Categories
- All Categories
- 75 Oracle Analytics News
- 7 Oracle Analytics Videos
- 14K Oracle Analytics Forums
- 5.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 40 Oracle Analytics Trainings
- 60 Oracle Analytics Data Visualizations
- 2 Oracle Analytics Data Visualizations Challenge
- 3 Oracle Analytics Career
- 4 Oracle Analytics Industry
- Find Partners
- For Partners
User with the "FBI_WORKFORCE_TRANSACTION_ANALYSIS_DUTY" role was not able to see any data in OTBI
Hi Guys,
WE have issue in OTBI Workforce management subject area data access.
User with the "FBI_WORKFORCE_TRANSACTION_ANALYSIS_DUTY" role was not able to see any data when they run the OTBI with the 'Workforce-Management' subject area.we have added security profile as well but still it does not gives backs any data.Any idea?
Thanks in Advance!
Answers
-
Hi,
That is likely the expected result - no data found. A duty role does NOT give data access.
All a transaction analysis duty role does is stop the system throwing a database connection error when you issue a query to that subject area in the metadata repository database.
The expected result of a user who does have granted the duty role is when they query the subject area is to get back as many rows as they have been setup to be able to view as per the data security policies in their job role(s). If no data access is setup then for many subject areas configured with row level security the expected result is a successful query execution with zero rows.
If you view the physical sql in your session log you can see the where clasues added by the system at runtime for data security. So either 1) go to page /analytics/saw.dll?issuerawsql, cut paste the logical sql from the advanced tab of your analysis, then view log with log level 2 or 2) run the analysis then go to manage session then view log https://fa-esxc-dev3-saasfaprod1.fa.ocs.oraclecloud.com/analytics/saw.dll?Sessions
In your user guide you can see what JOB roles are setup for each subject area. The job roles inherit the transaction analysis duty role(s) to allow you to query a subject area without error. But the job roles also include inside them the data security policies that may be used by the subject area for data access.
Oracle Fusion Cloud HCM
Subject Areas for Transactional Business Intelligence in HCM
F77744-01 23B
Workforce Management - Worker Assignment Real Time
which requires job roles (or a custom copy of the JOB role with as minimum all privileges removed except required transaction analysis duty roles and data security policies for a subject area)
- Human Resource Analyst
- Line Manager
which inherit duty roles
- Workforce Transaction Analysis Duty
So for HCM subject areas out of the box by design on purpose you get no data access. You need to create a data role that inherit your JOB role. Setup this data role with security policies to allow you to see persons, oraganisations, legislative data groups etc.
For more information see
Oracle Fusion Cloud HCM
Securing HCM
F77760-03 23B
HCM Data Roles and Security Profiles
https://docs.oracle.com/en/cloud/saas/human-resources/23b/ochus/hcm-data-roles.html#s20029787
0 -
Hi Nathan,
Thanks for detail explanation. I have created data role FBI_WORKFORCE_TRANSACTION_ANALYSIS_DUTY_CUSTOM WITH all security polices enabled.
I have added this role in another custom data role as below. But I unable to see security policy required for workforce management subject areas after adding this role as this results no rows error in subject area. Any idea would be greatly appreciated.
0 -
Hi,
For the data access bit you need a data role with security profiles (in addition to as per your screenshot the role with data security polices). So go to page "Manage Data Role and Security Polices" then create a data role on top of the job role required for teh subject area in this case Human Resource Analyst (or on top of a custom copy of that job role). It is this custom data role that has in it the security profiles for what data to access.
Then setup what data you want to give access to with "security profiles" in the DATA role (this is a different thing to the "data security policies" in the JOB role).
For example, if you want user only to view their own record and nobody elses data...
0
