Oracle Transactional Business Intelligence

Home Oracle Analytics Oracle Analytics Forums More Solutions Oracle Transactional Business Intelligence

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Why user with only Employee role can see OTBI report and share the same permission as BI Consumer

Received Response
322
Views
1
Comments
Chris Tong
Chris Tong Rank 1 - Community Starter
in Oracle Transactional Business Intelligence

As we are assigning user roles and trying to limit their access to certain reports using the OTBI permission, noticed that a user who only assigned with "employee" role (or the customized role copy based on the default employee role) can see OTBI report if the report was set to be read or higher permission with the "BI Consumer" role. We have try modifying the permission, and the performance looks as if the "Employee" role is inheriting the "BI consumer" role. (e.g. if BI consumer role set to be "no access" for certain report then the employee user can't see it; but if the BI consumer is read/ full control, the employee user will have the corresponding level of access). However, when we check the Employee role hierarchy and its duty role/ privileges, we can't see any indication that it has inherit the BI consumer role. The only relevant privilege we can see is that the "Manage report and analytics" has been added as privilege.

Can anyone please help determine:

1. Is the Employee role truly by default share the same permission restriction as "BI consumer" role? If so, why is it not listed as a inherited role? And If it's not related to the "BI consumer" role then how can user with Employee role be able to access so many reports?

2.Based on the observed performance, is there any ways we can control the permission setup for "Employee"? If we don't want it to share the BI consumer permission level , for example, if the BI consumer has full control but we only want employee to have read access, is this doable? Or it will always take the largest range of permission level?

Answers

  • Gaurav Bharadwaj-Oracle
    Gaurav Bharadwaj-Oracle Rank 6 - Analytics Lead

    Hello @Chris Tong,

    Regarding question 1 :
    You can check if the user is inheriting BI Consumer role or not by clicking on the profile icon in OTBI and then click on My Account → Click on the Application Roles tab, You should be able to see BI Consumer in the list.

    Regarding question 2 :
    Its not a good idea to manipulate the permission and access to BI object s using the base BI roles like Consumer/Author/Admin. You should create another role and assign that role to the list of users for whom you want to restrict the access.
    Please review the following : Oracle Fusion OTBI: How to Create Custom Roles for Specialized Reporting Access in Oracle Transactional Business Intelligence (Doc ID 2313667.1)

    If my response has answered your question or assisted you with your concern, please click "yes" below to accept the answer or comment with any additional queries. You can also read the Cloud Customer Connect Guidelines for Accepted Answer

    Regards,

    Gaurav