Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Defining Data Security: Identity Manager or LTS?
Answers
-
0
-
Cool. @Manoj Dixit does this answer your question now? Can ths thread be closed?
0 -
Hi Christian,
Yes, I shall close this thread. I thought I shall complete some hands-on first. No access to slideshare, etc. due to employer's policy. I am sure your, Gianni's and Thomas' inputs will help me cross the finishing line, bit slowly but steadily.
Regards,
Manoj.
0 -
Use Gianni's framework and built out your security in EXCEL -- you can then 'see' the effective permission long before you ever start configuring and applying security. You can create stripes for all sorts of permissions and then have the opportunity to matrix them. It's a risk free way of planning.
0 -
Hi Thomas,
I like and appreciate the help being provided.
But to be honest I feel that the current data access model (based on LTSs) seems to be more easy to create and maintain (which, at the moment, is simple).
With respect to the Identity Manager and Data Filters, I feel that I have to come out of a developer mode and learn about administration (wlc, em, inheritance, deployment, etc.). I don't have a template, can't access the slideshare (right now). And we delete everything from the Identity Manager before deploying a copy of development RPD into other environments (as per deployment instructions given to us - why I do not know - probably because developers, using the same user ids, do not have access to the other environments).
Regards,
Manoj.
0 -
If you want to continue on the LTS way keep in mind you have to filter all of them because if your analysis don't use anything of the filter LTS it will not be used at all => no security applied.
So make sure you add your filters everywhere because with LTS based security it's possible to bypass security if you left some holes ...
0 -
Thanks Gianni. Yes, a developer forgetting to add the WHERE clause condition to all / single LTS can be an issue.
Regards,
Manoj.
0 -
No he meant "If your analyses do never hit that specific LTS then there is NO security applied". Basically precisely what I said above. Identity Manager is more farther-reaching and hence more safe.
You can easilly constrain a dimension by a fact or a fact by a dimnension or a dimension by a dimension over a common fact - which is a lot more work in the LTS.
0 -
Hi Christian,
I think I am now understanding what's being conveyed here.
So, currently, a fact logical table's LTS is joined to a dimension (on which data access is restricted) and a WHERE clause condition is populated with a filter. Now when an end user selects the fact table's measurement and other dimensions' attributes or this dimension's attributes, then the data security is automatically applied by the BI Server.
However, if this user just selects the dimension's attribute columns, then the security is not applied. Are you trying to make me aware of this?
Please let me know as I might be missing an important aspect here.
Thank you.
Regards,
Manoj.
0 -
Yes ...
If you have a fact table FactSales with some filters and 2 dimensions: DimCustomers (without filters) and DimBusinessUnits (with some filters as well):
- Selecting just FactSales and DimCustomers will not apply a single filter of DimBusinessUnits
- Selecting just DimCustomers will not apply a single filter at all
So there you can have "holes" in your security approach because you can't be sure of what the users are going to add (or not add) to their analysis.
So you must add the filters everywhere in such a way that each object taken alone will be filtered etc.
0
![[Deleted User]](https://us.v-cdn.net/6037859/uploads/defaultavatar/nT2GKTLRQJ3P1.jpg)