Oracle Fusion Data Intelligence

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Linking Out of the Box Security Groups with Custom Security Groups

Accepted answer
132
Views
9
Comments
D.Angle
D.Angle Rank 3 - Community Apprentice

We have created custom groups in Fusion Analytics, and mapped those groups to Out of the Box Groups (i.e. FAW Functional Administrator).

We are finding that this approach is not effective -

  1. We create a custom group - "Custom Admins"
  2. We put a user in the "Custom Admins" group
  3. We map "Custom Admins" to application roles
    1. this works well - the user benefits from the application roles mapped to "Custom Admins"
  4. We map the out of the box group FAW Functional Administrator to the "Custom Admins" group
    1. this is not effective - the user does not benefit from this group to group relationship
    2. instead we have to put the user into the FAW Functional Administrator group directly (which we'd like to avoid)

Ideally when we set up a user, we'd like to just be able to put them into the "Custom Admins" group and be done.

The way the security is working, we need to put the user into the Custom Admins group and the FAW Functional Administrator group

Not that this is horribly difficult, but it isn't clear why there is an option to "link" or "map" out of the box groups to custom groups if there is no net yield from doing so.

Has anyone else run into this issue - trying to have only one custom group that maps to the required out of the box groups and application roles for that role?

Tagged:

Best Answer

  • Mallikarjuna Kuppauru-Oracle
    Mallikarjuna Kuppauru-Oracle Rank 8 - Analytics Strategist
    Answer ✓

    Hi @User_9STVF

    We can create a custom group and map that group to BOTH application roles and licensed groups? —> Yes you can map custom group to application/Licensed roles/groups.

    Regards,

    Arjun

Answers

  • D.Angle
    D.Angle Rank 3 - Community Apprentice
    edited June 2024

    Thanks, Rana - can you help me to find where in that document it refers to linking groups together. I've read that a few times and only see references to adding application roles to groups - not groups to groups.

  • Mallikarjuna Kuppauru-Oracle
    Mallikarjuna Kuppauru-Oracle Rank 8 - Analytics Strategist

    Hi @User_9STVF

    Yes we don't have option to add group to group but we can add user to Group or to Application Role.

    Security is Readonly from FAW/FDI Console , IDCS Is source (Except New Application Role creation)

    Regards,

    Arjun

  • D.Angle
    D.Angle Rank 3 - Community Apprentice
    edited June 2024

    Hi Mallikar - thanks for the response.

    Do you see the image I shared above where you can link groups in the FAW Console?

    Are you saying that this used to be an option when the console was the way to manage security, but now that security is through the IDCS console, linking groups like this is no longer supported - it just looks like it is in the FAW console?

    That might be the case - when I log into the FAW security console on a higher version, the group to group linking is no longer presented as an option.

  • Mallikarjuna Kuppauru-Oracle
    Mallikarjuna Kuppauru-Oracle Rank 8 - Analytics Strategist
    edited June 2024

    Hi @User_9STVF

    Yes, Seems like you are in the older version where FAW console is allowing to do the security modifications.

    Regards

    Arjun

  • JohnW-Oracle
    JohnW-Oracle Rank 6 - Analytics Lead

    Hi @User_9STVF

    As Arjun said, the newer update of the FAW Console will look like this.

    The 'Manage Groups' button will send you to the IDCS Console where you can map Licensed groups to other Custom groups you create and generally administer your Groups.

    Hope that help.

    Regards,

    John

  • Mallikarjuna Kuppauru-Oracle
    Mallikarjuna Kuppauru-Oracle Rank 8 - Analytics Strategist

    Hi @User_9STVF

    If you think we have answered your quesiton, you can mark as Answered so that it can be an reference for other community members.

    Regards,

    Arjun

  • D.Angle
    D.Angle Rank 3 - Community Apprentice

    Hi. I did want a confirmation as I think I'm reading different things from the responses.

    I am understanding that the security management functionality has moved from the OAX Console to IDCS - but the first response seemed to imply that the ability to map a licensed group to an unlicensed group has also been deprecated, while the second response seems to say the opposite - that group to group mappings are still valid, but must be set up in IDCS.

    Can you confirm if our strategy is correct as long as it is set up in IDCS directly?

    We can create a custom group and map that group to BOTH application roles and licensed groups? The user only needs to be a member of the custom group to realize the benefits of the related application roles and licensed groups?