Categories
- All Categories
- 75 Oracle Analytics News
- 7 Oracle Analytics Videos
- 14K Oracle Analytics Forums
- 5.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 40 Oracle Analytics Trainings
- 59 Oracle Analytics Data Visualizations
- 2 Oracle Analytics Data Visualizations Challenge
- 3 Oracle Analytics Career
- 4 Oracle Analytics Industry
- Find Partners
- For Partners
FAW ERP Data Validation - User Accounts/Security
My understanding of how the data validations run is as follows
- The validation is run against the FAW ADW database (via FAW reporting layer)
- The validation is run against the ERP (via OTBI reporting layer)
- The results are compared and reported back
My question is around what account is used security-wise.
When we set up FAW Data validation, a custom account is created with impersonation rights - but my question is who is that account impersonating.
- For non-scheduled validations, it seem to be using the security of the person running the validation in FAW (both on FAW and OTBI)
- What about scheduled validations? Do these run as the person who scheduled the validation (both in FAW and OTBI)?
FAW allows you to use the functional administrator role to bypass most data access constraints, but we're trying to understand what user is being used on OTBI to see if there is a similar role that can be used to avoid data access errors.
Thanks!
Best Answer
-
Hi @Indra Sardana-Oracle,
The environment, including setting up accounts, should be fully thought out prior to starting the provisioning process. Ideally, you would go with option #1 documented here and Set Up User Access to Oracle Fusion Data Intelligence Using Single Sign-On. This would allow you to synchronize users and groups in Oracle Fusion Cloud Applications with the Oracle Identity Cloud Service instance specified in the Identity Cloud account associated with your Oracle Fusion Cloud Applications instance. Then Federate the Oracle Identity Cloud Service instance specified in the Identity Cloud account associated with your Oracle Fusion Cloud Applications instance to the Oracle Cloud Infrastructure tenancy where Fusion Data Intelligence is provisioned. Keeping these users and groups in sync will prevent you from having to address some of the role granting issues you have mentioned. Also, comparing FAW/FDI and OTBI is one part of data validation but it's not everything.
Regards,
John
0
Answers
-
Please review below documentation which explains which user is used and the roles required.
0 -
- For non-scheduled validations, it seem to be using the security of the person running the validation in FAW (both on FAW and OTBI) : Correct for non-scheduled validations, it use the security of the person running the validation in FAW
- What about scheduled validations? Do these run as the person who scheduled the validation (both in FAW and OTBI)?: For scheduled validations, it use the security of the person who scheduled it.
0 -
Thanks for confirming, Indra.
Do you know - if there is a role on the OTBI side - that provides somewhat of a "global" access data-wise, similar to the Functional Administrator role on the FAW side.
If we can set up an account with Functional Administrator on the FAW side and whatever role is required on the OTBI side, we would be able to run the scheduled validations without concern about running into false alarms due to security restrictions on one side or the other.
0 -
Hi @User_9STVF
Each offering in the FA (OTBI) source like ERP (Financials) has the equivalent of an 'Application Administrator' role. For details See:
If you have a chance, review this Youtube video regarding Data Validation for additional details:
If you find this reply to your question useful, others might as well. By clicking the “Yes” button for “Did this answer the question?” below, you’ll be able to help the community members who might have a similar concern find the answer easier.
Regards,
John
0 -
Do you know - if there is a role on the OTBI side - that provides somewhat of a "global" access data-wise, similar to the Functional Administrator role on the FAW side. : Fusion end custom role can be created which will inherit all the required permission for all OTBI subject area as far i know by default no role exist.
0 -
If we can set up an account with Functional Administrator on the FAW side and whatever role is required on the OTBI side, we would be able to run the scheduled validations without concern about running into false alarms due to security restrictions on one side or the other. : NO you need to have role on the other side that is to OTBI to have access to all subject area's having Functional Administrator on the FAW side only won't suffice the purpose.
0 -
Hi, I have the above access provision to my account, I'm also a Identity domain administrator and a security administrator.
Even with all this access, when I log into FAW I am missing the application administration area that has the data validation area as pictured below in Oracles documentation .
Can someone please help me understand what access I could possible be missing?
0