Fusion ERP Analytics

Products Banner

How to export out the User to Group mapping that is configured in FAW?

Received Response
68
Views
7
Comments

I don't see a way to export the user-group-role mapping from FAW. The Security related subject area allows to generate a report wherever Security Contexts are added. There is one for Audits also. But I don't see a way to generate a report that provides a matrix of user-to-group mapping. Is this possible?

Tagged:

Answers

  • We don't have anything from within FAW Security Console as on the current release. But i remember that there is an Enhancement Request submitted to the concerned team for this feature request.


    But we have a provision in IDCS for the export of association with the below app roles from within IDCS

    • Administrator
    • Author
    • Consumer
    • FunctionalAdmin
    • Modeler
    • ModelerAdmin
    • SecurityAdmin
    • ServiceAdmin

    Navigation is IDCS Console -> Oracle Cloud services -> ANALYTICSAPP_<FAWInstanceName> -> Application Roles -> Export.

    Thanks

  • Madasamy,

    It would help to know the FAW tables containing Group - User mapping, please.

  • It's not exposed where and how the user and group details are stored in IDCS in FAW.

  • Valeriy Gorbunov
    Valeriy Gorbunov ✭✭✭
    edited January 25

    Sumanth V -Oracle,

    We solved the problem by pulling the Roles (Groups in FAW)/Username mapping from Fusion Security into FAW DW but it's more complicated than querying the DW table directly in one way or another, eg., to use a synonym or custom view.

    To complete a final task - automatically upload specific Security Assignment for a list of selected users we use this process:

    Generate Role-User mapping in OTBI; Stream the mapping into FAW DW custom table; Oracle automatically creates Security Assignment(s) for each user on the list. (last step is not working yet SR 3-35477996801)

    Yes, Sushanta Chakraborty-Oracle

    There's no problem to get Excel report for Group/User mapping from UI: FAW>Console>Security>Security Assignments>Downloads but we needed the data in DW for automatic process (see the final task above), and manual steps are not allowed.

  • @Valeriy Gorbunov FAW>Console>Security>Security Assignments>Downloads provides the user to security assignments, if any. That is not what I was looking for.

    I was looking for a way to pull the [User - to - Groups - to - FAW Application Roles] mapping.

    The user-to-group mappings get synced automatically in FAW when you provision it. Problem is, for us all these Groups (coming from Fusion) are custom. Therefore, while we do get the User to Group mapping, we still have to associate FAW Application Roles (Duty and Data) to each of these groups separately. After the entire job is done, we now need to document this whole thing. Which user belongs to which group, and what FAW application roles are assigned to that group. Hope you understand my question.

  • Valeriy Gorbunov
    Valeriy Gorbunov ✭✭✭
    edited January 30

    Sushanta Chakraborty-Oracle

    I exactly understand your problem. Try this:

    FAW: Console>Application Administration>Uploads>Download File>User Group Mapping>Current

    You will have a zipped CSV file with all Fusion roles by a Username plus FAW Application roles on top. The file is definitely contains all Oracle seeded FAW Application roles, cannot guarantee your custom FAW Data roles will be included. Please let me know your results.

    Thanks, Val

  • Thanks Val.

    I did exactly as you said, and upon looking into the downloaded CSV I see that the User - to - Group mapping information is present, and this includes the Fusion Custom Groups and the FAW License Groups as well.

    Unfortunately, all our users belong to Fusion custom groups. We had to add the FAW Application data and duty roles to these FA Custom Groups. That information is not in this CSV. And that is precisely what I am looking for.

    As an example, let's consider a custom Group (that flowed in from Fusion): XXX Hiring Manager

    There are two user that belongs to this group - say User1 and User2

    We have added the FAW Application Duty role "Recruitment Analysis Duty Role" and FAW Application Data Role "Recruitment Job Requisition Data Security" to this. I need a report that delivers this result:

    User|Group|Application Role

    --------------------------------

    User1|XXX Hiring Manager|Recruitment Analysis Duty Role

    User1|XXX Hiring Manager|Recruitment Job Requisition Data Security

    User2|XXX Hiring Manager|Recruitment Analysis Duty Role

    User2|XXX Hiring Manager|Recruitment Job Requisition Data Security

    --------------------------------

    The data must be there in some tables, or a set of tables. I guess we need to write a SQL - that seems to be the only way. Any thoughts?