Restriction of Data in reports and analytics while creating Data Model

Currently, any user account that has the BI Author role along with the BIPDataModelDeveloper role is able to see any sensitive information in Oracle Fusion, irrespective of the data restrictions placed in the front end through role assignments.
That is, this user, while creating a data model, can see any HCM data (payroll details, DOB, SSN, etc.) as well as financial data (invoice number, payment details, etc.).
This should be restricted in such a way that ONLY an HCM user can see HR data and only a Financial/Supplier user can see FSCM data. Otherwise, this is a huge data breach issue of serious concern, as it will lead to leakage of the PII data of all the users in the Oracle instance.
SUGGESTED SOLUTION:
As you are aware, when creating a Data Model and choosing "SQL Query" to obtain data, we are asked to choose between the options below (Navigation --> Reports and Analytics --> Create --> Data Model --> SQL Query --> Data Source):
- AudioViewDB
- Demo
- Oracle BI EE
- ApplicationDB_FSCM
- ApplicationDB_HCM
- ApplicationDB_CRM
Segregate these LOVs using separate privileges and create a new Delivered Role having these privileges. With this, a user who has the ApplicationDB_HCM-related privilege will ONLY be able to see the "ApplicationDB_HCM" LOV in the dropdown.
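Until such segregation exists, the role combination described in the post can be audited from a user/role export. The following is an added example, not part of the original post and not Oracle code; the CSV layout, the `EXAMPLE_*` front-end role names and the sample users are constructed assumptions, while the two BI role names and the data source names are taken from the post.

```python
import csv
import io

# Role pair the post identifies as exposing all data sources in a SQL data model.
RISKY_PAIR = {"BI Author", "BIPDataModelDeveloper"}

# Data sources listed in the post, mapped to the functional area they expose.
SOURCE_AREA = {
    "ApplicationDB_HCM": "HCM",
    "ApplicationDB_FSCM": "FSCM",
    "ApplicationDB_CRM": "CRM",
}

# Hypothetical front-end roles and the area each one entitles (assumption;
# replace with the job and duty roles used in your own instance).
ROLE_AREA = {"EXAMPLE_HR_SPECIALIST": "HCM", "EXAMPLE_AP_MANAGER": "FSCM"}

# Constructed sample export: one row per user/role assignment.
SAMPLE_EXPORT = """username,role
alice,BI Author
alice,BIPDataModelDeveloper
alice,EXAMPLE_HR_SPECIALIST
bob,BI Author
bob,EXAMPLE_AP_MANAGER
carol,BIPDataModelDeveloper
carol,BI Author
"""

def load_assignments(text):
    """Parse the export into {username: set of role names}."""
    roles = {}
    for row in csv.DictReader(io.StringIO(text)):
        user = row["username"].strip().lower()
        roles.setdefault(user, set()).add(row["role"].strip())
    return roles

def audit(roles_by_user):
    """Return {user: data sources outside the user's entitled areas}."""
    findings = {}
    for user, roles in sorted(roles_by_user.items()):
        if not RISKY_PAIR <= roles:  # both roles are needed to build SQL data models
            continue
        entitled = {ROLE_AREA[r] for r in roles if r in ROLE_AREA}
        findings[user] = sorted(s for s, a in SOURCE_AREA.items() if a not in entitled)
    return findings

if __name__ == "__main__":
    for user, sources in audit(load_assignments(SAMPLE_EXPORT)).items():
        print(f"{user}: data sources outside assigned area: {', '.join(sources)}")
```

Users flagged with no front-end role at all (like `carol` in the sample) are listed against every application data source, which makes purely technical accounts stand out for review.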
Comments
-
This is a very critical enhancement to secure PI data
0 -
This is a very crucial requirement to secure the sensitive information of an organization, and we request Oracle to provide segregation on this ASAP.
1 -
This enhancement is crucial to keep client data protected.
0 -
This is a critical enhancement to align report data access with application data access, so that users get to see data based on their assigned data access. Also, we should be able to control SQL data model access.
0 -
One of our customers is also looking for this feature.
0 -
This is a very important feature for us. Due to this gap, the access is restricted to a limited number of technical employees, which limits the usability of the reporting tool.
0 -
This is a critical enhancement to align report data access with application data access, and it is very much needed and required.
0 -
We require this enhancement as it is important to have data segregation.
0 -
I wonder how Oracle can release this functionality without data security in mind. It needs immediate attention.
0 -
This is a much-needed functionality and is a compliance and audit requirement to ensure no unwanted access is given to other groups. The advantages of a single instance may not be best used with this limitation.
0