Oracle Fusion ERP Analytics

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

FAW ERP Data Validation - User Accounts/Security

Accepted answer
120
Views
8
Comments
D.Angle
D.Angle Rank 3 - Community Apprentice

My understanding of how the data validations run is as follows

  • The validation is run against the FAW ADW database (via FAW reporting layer)
  • The validation is run against the ERP (via OTBI reporting layer)
  • The results are compared and reported back

My question is around what account is used security-wise.

When we set up FAW Data validation, a custom account is created with impersonation rights - but my question is who is that account impersonating.

  • For non-scheduled validations, it seem to be using the security of the person running the validation in FAW (both on FAW and OTBI)
  • What about scheduled validations? Do these run as the person who scheduled the validation (both in FAW and OTBI)?

FAW allows you to use the functional administrator role to bypass most data access constraints, but we're trying to understand what user is being used on OTBI to see if there is a similar role that can be used to avoid data access errors.

Thanks!

Tagged:

Best Answer

  • JohnW-Oracle
    JohnW-Oracle Rank 6 - Analytics Lead
    Answer ✓

    Hi @Indra Sardana-Oracle,

    The environment, including setting up accounts, should be fully thought out prior to starting the provisioning process. Ideally, you would go with option #1 documented here https://docs.oracle.com/en/cloud/saas/analytics/24r2/fawag/set-user-access-oracle-fusion-data-intelligence-using-single-sign.html#GUID-4B27DAF6-CA3B-4E7A-97B9-9CFC18749722 and Set Up User Access to Oracle Fusion Data Intelligence Using Single Sign-On. This would allow you to synchronize users and groups in Oracle Fusion Cloud Applications with the Oracle Identity Cloud Service instance specified in the Identity Cloud account associated with your Oracle Fusion Cloud Applications instance. Then Federate the Oracle Identity Cloud Service instance specified in the Identity Cloud account associated with your Oracle Fusion Cloud Applications instance to the Oracle Cloud Infrastructure tenancy where Fusion Data Intelligence is provisioned. Keeping these users and groups in sync will prevent you from having to address some of the role granting issues you have mentioned. Also, comparing FAW/FDI and OTBI is one part of data validation but it's not everything.

    Regards,

    John

Answers

  • FAW_User-Oracle
    FAW_User-Oracle Rank 1 - Community Starter

    Please review below documentation which explains which user is used and the roles required.

    https://docs.oracle.com/en/cloud/saas/analytics/24r2/fawag/validate-oracle-fusion-data-intelligence-data.html

  • Indra Sardana-Oracle
    Indra Sardana-Oracle Rank 5 - Community Champion

    • For non-scheduled validations, it seem to be using the security of the person running the validation in FAW (both on FAW and OTBI) : Correct for non-scheduled validations, it use the security of the person running the validation in FAW
    • What about scheduled validations? Do these run as the person who scheduled the validation (both in FAW and OTBI)?: For scheduled validations, it use the security of the person who scheduled it.

  • D.Angle
    D.Angle Rank 3 - Community Apprentice

    Thanks for confirming, Indra.

    Do you know - if there is a role on the OTBI side - that provides somewhat of a "global" access data-wise, similar to the Functional Administrator role on the FAW side.

    If we can set up an account with Functional Administrator on the FAW side and whatever role is required on the OTBI side, we would be able to run the scheduled validations without concern about running into false alarms due to security restrictions on one side or the other.

  • JohnW-Oracle
    JohnW-Oracle Rank 6 - Analytics Lead

    Hi @User_9STVF

    Each offering in the FA (OTBI) source like ERP (Financials) has the equivalent of an 'Application Administrator' role. For details See: https://docs.oracle.com/en/cloud/saas/financials/24b/oafrm/Financial_Application_Administrator_job_roles.html#Financial_Application_Administrator_job_roles

    If you have a chance, review this Youtube video regarding Data Validation for additional details:

    If you find this reply to your question useful, others might as well. By clicking the “Yes” button for “Did this answer the question?” below, you’ll be able to help the community members who might have a similar concern find the answer easier.

    Regards,

    John

  • Indra Sardana-Oracle
    Indra Sardana-Oracle Rank 5 - Community Champion

    Do you know - if there is a role on the OTBI side - that provides somewhat of a "global" access data-wise, similar to the Functional Administrator role on the FAW side. : Fusion end custom role can be created which will inherit all the required permission for all OTBI subject area as far i know by default no role exist.

  • Indra Sardana-Oracle
    Indra Sardana-Oracle Rank 5 - Community Champion

    If we can set up an account with Functional Administrator on the FAW side and whatever role is required on the OTBI side, we would be able to run the scheduled validations without concern about running into false alarms due to security restrictions on one side or the other. : NO you need to have role on the other side that is to OTBI to have access to all subject area's having Functional Administrator on the FAW side only won't suffice the purpose.

  • Aubrey_K
    Aubrey_K Rank 1 - Community Starter

    Hi, I have the above access provision to my account, I'm also a Identity domain administrator and a security administrator.

    Even with all this access, when I log into FAW I am missing the application administration area that has the data validation area as pictured below in Oracles documentation .

    Can someone please help me understand what access I could possible be missing?