Oracle Communities

Oracle Analytics and AI

Child Item

Restriction of Data in reports and analytics while creating Data Model

Currently any user account having access to BI Author role along with BIPDataModelDeveloper role is providing the ability to see any sensitive information in the Oracle fusion irrespective of data restrictions placed in the front end through role assignments.

That is, this user while creating a data model can see any HCM data like (Payroll details, DOB, SSN, etc.) as well as financial data like (Invoice number, payment details etc.)

This should be restricted in such a way that ONLY HCM user can see HR data and only Financial/Supplier user should see FSCM data. Otherwise this is a huge data breach issue of serious concern as it will lead to leakage of PII Data of all the users in the Oracle Instance.

SUGGESTED SOLUTION:

As you are aware while creating a Data Model and when we choose "SQL Query" for obtaining data they will ask us the option to choose between the below (Navigation --> reports and analytics --> Create --> Data Model --> SQL Query --> Data Source):

AudioViewDB
Demo
Oracle BI EE
ApplicationDB_FSCM
ApplicationDB_HCM
ApplicationDB_CRM

Segregate these LOVs using separate privileges and create a new Delivered Role having these privileges. With this user having access to ApplicationDB_HCM related privilege will be ONLY able to see "ApplicationDB_HCM" LOV in the dropdown.

Find more posts tagged with

Needs Votes

Status: Needs Votes

Comments

User_7OQPB

This is a very critical enhancement to secure PI data

Pranay Kumar Kasam

This a Very crucial requirement to secure sensitive information of an Organization and request Oracle to provide segregation on this asap.

User_2BOND

This enhancement is crucial to keep client data protected.

Raja Gangireddy

this is critical enhancement to align report data access with application data access, so that users get to see data based on their assigned data access. also we should be able to control SQL data model access

Dhananjaya-Oracle

One of our customers is also looking for this feature.

Rashid Alkhalifa

This is a very important feature for us. Due to this gap, the access is restricted to a limited number of technical employees which limit the usability of the reporting tool.

Ramchander Pothanolla

This is critical enhancement to align report data access with application data access and very much needed and required.

User_GFC5H

We require this enhancement as it is important to have data segregation.

Shaji Vayaveetil

I wonder how can Oracle release this functionality without the data security in mind. It needs an immediate attention .

Murthy A

This is a much needed functionality and is a compliance and audit requirement to ensure no unwanted access is given to other groups. The advantages of single instance may not be bet used with this limitation.